Daily Ruleset Update Summary 2018/09/27

[***]            Summary:            [***]

5 new Open, 27 new Pro (5 + 22). DNS Tunneling, Ursnif, Remcos, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026416 - ET TROJAN Suspected DNS2TCP Auth (trojan.rules)
2026417 - ET TROJAN Suspected DNS2TCP Connect (trojan.rules)
2026418 - ET TROJAN Suspected fraud-bridge DNS Tunnel (trojan.rules)
2026419 - ET CURRENT_EVENTS Generic MRxJoker Phishing Landing 2018-09-27 (current_events.rules)
2026420 - ET INFO Generic 000webhostapp.com POST 2018-09-27 (set) (info.rules)

Pro:

2832827 - ETPRO MALWARE WebSearchy Browser Hijack Activity (malware.rules)
2832828 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious VBS DL 2018-09-27) (current_events.rules)
2832829 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-27) (current_events.rules)
2832830 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2832831 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif DL 2018-09-27) (current_events.rules)
2832832 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC) (trojan.rules)
2832833 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2832834 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2018-09-27 (current_events.rules)
2832835 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2018-09-27 (current_events.rules)
2832836 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2018-09-27 M1 (current_events.rules)
2832837 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-09-27 (current_events.rules)
2832838 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-09-27 (current_events.rules)
2832839 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-09-27 (current_events.rules)
2832840 - ETPRO CURRENT_EVENTS Successful Generic SpamEgy Phish 2018-09-27 (current_events.rules)
2832841 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 (current_events.rules)
2832842 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2018-09-27 M2 (current_events.rules)
2832843 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 M1 (current_events.rules)
2832844 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-09-27 M2 (current_events.rules)
2832845 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2018-09-27 (current_events.rules)
2832846 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish 2018-09-27 (current_events.rules)
2832847 - ETPRO TROJAN Win32/Remcos RAT Checkin 49 (trojan.rules)
2832848 - ETPRO TROJAN Win32/Remcos RAT Checkin 50 (trojan.rules)

[///]     Modified active rules:     [///]

2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2830346 - ETPRO TROJAN MSIL/Sentinel Keylogger Style IP Check (trojan.rules)
2831895 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish 2018-07-19 (current_events.rules)
2832774 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832775 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832776 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832777 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (trojan.rules)
2832778 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832779 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832780 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832781 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)
2832782 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (current_events.rules)

[---]  Disabled and modified rules:  [---]

2829095 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2017-12-27 (current_events.rules)

Date: Thursday, September 27, 2018 - 00:00