Daily Ruleset Update Summary 2018/10/01

[***]            Summary:            [***]

5 new Open, 49 new Pro (5 + 44). VPNFilter, PoshAdvisor, MakLoader, Various Phish, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026428 - ET USER_AGENTS VPNFilter Related UA (user_agents.rules)
2026429 - ET TROJAN VPNFilter htpx Module C2 Request (trojan.rules)
2026430 - ET CURRENT_EVENTS Successful Generic .EDU.TW Phish (Legit Set) (current_events.rules)
2026431 - ET TROJAN Win32/Final1stspy CnC Checkin (Reaper/APT37 Stage 1 Payload) (trojan.rules)
2026432 - ET TROJAN Reaper (APT37) DNS Lookup (kmbr1 .nitesbr1 .org) (trojan.rules)

Pro:

2832863 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 434 (mobile_malware.rules)
2832864 - ETPRO TROJAN PoshAdvisor SSL/TLS Certificate Observed (trojan.rules)
2832865 - ETPRO POLICY KnowB4 Phish Training HTTP Request (policy.rules)
2832866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 1) (trojan.rules)
2832867 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 2) (trojan.rules)
2832868 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 3) (trojan.rules)
2832869 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 4) (trojan.rules)
2832870 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 5) (trojan.rules)
2832871 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 6) (trojan.rules)
2832872 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 7) (trojan.rules)
2832873 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 8) (trojan.rules)
2832874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 9) (trojan.rules)
2832875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 10) (trojan.rules)
2832876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 11) (trojan.rules)
2832877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 12) (trojan.rules)
2832878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 13) (trojan.rules)
2832879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 14) (trojan.rules)
2832880 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 15) (trojan.rules)
2832881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 16) (trojan.rules)
2832882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 17) (trojan.rules)
2832883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 18) (trojan.rules)
2832884 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-01 19) (trojan.rules)
2832885 - ETPRO TROJAN MakLoader Activity 1 (trojan.rules)
2832886 - ETPRO TROJAN MakLoader Activity 2 (trojan.rules)
2832887 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (sLoad DL/CnC 2018-09-28) (current_events.rules)
2832888 - ETPRO TROJAN Observed Malicious SSL Cert (RevCode CnC) (trojan.rules)
2832889 - ETPRO CURRENT_EVENTS Successful ASB Bank Phish 2018-10-01 (current_events.rules)
2832890 - ETPRO CURRENT_EVENTS Successful CIBC Bank Phish 2018-10-01 (current_events.rules)
2832891 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2018-10-01 (current_events.rules)
2832892 - ETPRO CURRENT_EVENTS Successful ATB Bank Phish 2018-10-01 (current_events.rules)
2832893 - ETPRO CURRENT_EVENTS Successful BNZ Bank Phish 2018-10-01 (current_events.rules)
2832894 - ETPRO CURRENT_EVENTS Successful ASB Bank Phish 2018-10-01 (current_events.rules)
2832895 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-10-01 (current_events.rules)
2832896 - ETPRO CURRENT_EVENTS Successful Impots Gouv Phish 2018-10-01 (current_events.rules)
2832897 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2018-10-01 (current_events.rules)
2832898 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2018-10-01 (current_events.rules)
2832899 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2018-10-01 (current_events.rules)
2832900 - ETPRO CURRENT_EVENTS Successful Impots Gouv Phish 2018-10-01 (current_events.rules)
2832901 - ETPRO CURRENT_EVENTS Successful ING Phish 2018-10-01 (current_events.rules)
2832902 - ETPRO USER_AGENTS GetRight Download Manager UA (GetRight) (user_agents.rules)
2832903 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832904 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832905 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain) (trojan.rules)
2832906 - ETPRO TROJAN Win32/Agent.ZXI CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2827921 - ETPRO TROJAN Salsa Ransomware Checkin (trojan.rules)
2827983 - ETPRO CURRENT_EVENTS Successful Generic Phish Sep 18 2017 (current_events.rules)
2832665 - ETPRO TROJAN RektBot Check-In (trojan.rules)

Date: Monday, October 1, 2018 - 00:00