Daily Ruleset Update Summary 2018/09/17

[***]            Summary:            [***]

31 new Pro. Win32/ZeroEvil Stealer, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

2832621 - ETPRO TROJAN Win32/ZeroEvil Stealer CnC Checkin (trojan.rules)
2832622 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound 2018-09-17 (current_events.rules)
2832623 - ETPRO SCAN Internal Machine Scanning VNC - Outbound Traffic (scan.rules)
2832624 - ETPRO SCAN Potential VNC Scanning - Inbound Traffic (scan.rules)
2832625 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832626 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-09-17 (current_events.rules)
2832627 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832628 - ETPRO CURRENT_EVENTS Successful Gumtree Credit Card Information Phish 2018-09-17 (current_events.rules)
2832629 - ETPRO CURRENT_EVENTS Successful Generic VBV 3D Secure Phish 2018-09-17 M1 (current_events.rules)
2832630 - ETPRO CURRENT_EVENTS Successful Generic VBV 3D Secure Phish 2018-09-17 M2 (current_events.rules)
2832631 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-09-17 (current_events.rules)
2832632 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-09-17 (current_events.rules)
2832633 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2018-09-17 (current_events.rules)
2832634 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-09-17 (current_events.rules)
2832635 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-09-17 (current_events.rules)
2832636 - ETPRO USER_AGENTS Suspicious UA (sjd32DSKJF9Ssf) (user_agents.rules)
2832637 - ETPRO INFO External IP Lookup Domain (ww2 .58qn .com) (info.rules)
2832638 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.fj Checkin (mobile_malware.rules)
2832639 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CoinHive Mining Domain) (current_events.rules)
2832640 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin (mobile_malware.rules)
2832641 - ETPRO MOBILE_MALWARE Android/Triada.IHM Checkin 2 (mobile_malware.rules)
2832642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 1) (trojan.rules)
2832643 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 2) (trojan.rules)
2832644 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 3) (trojan.rules)
2832645 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 4) (trojan.rules)
2832646 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 5) (trojan.rules)
2832647 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 6) (trojan.rules)
2832648 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 7) (trojan.rules)
2832649 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 8) (trojan.rules)
2832650 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 9) (trojan.rules)
2832651 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-17 10) (trojan.rules)

[///]     Modified active rules:     [///]

2025638 - ET TROJAN [eSentire] Win32/GandCrab v4 Ransomware CnC Activity (trojan.rules)
2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
2812067 - ETPRO TROJAN SOGU DNS CnC Channel TXT Lookup (trojan.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2832428 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound 2018-09-03 (current_events.rules)
2832506 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-10 2) (trojan.rules)
2832515 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832516 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832606 - ETPRO TROJAN Parasite/Spytector PWS FTP Exfil (trojan.rules)
2832612 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-14 (current_events.rules)

Date: Monday, September 17, 2018 - 00:00