Daily Ruleset Update Summary 2018/10/29

[***]            Summary:            [***]

6 new Open, 30 new Pro (6 + 24). MSIL/KeyRedirEx, TrueBot/Silence.Downloader, MSIL/Ubiquity Stealer, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026559 - ET TROJAN TrueBot/Silence.Downloader CnC Checkin (trojan.rules)
2026560 - ET TROJAN TrueBot/Silence.Downloader Keep-Alive (trojan.rules)
2026561 - ET POLICY External Host Creating Docker Container (policy.rules)
2026562 - ET TROJAN MSIL/KeyRedirEx Banker Requesting Redirect/Inject List (trojan.rules)
2026563 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Redirect/Inject List (trojan.rules)
2026564 - ET TROJAN MSIL/KeyRedirEx Banker Receiving Exit Instruction (trojan.rules)

Pro:

2833315 - ETPRO TROJAN AZORult Variant.5 Checkin M1 (trojan.rules)
2833316 - ETPRO TROJAN AZORult Variant.5 Checkin M2 (trojan.rules)
2833317 - ETPRO TROJAN AZORult Variant.5 Checkin Response (trojan.rules)
2833318 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-29 1) (trojan.rules)
2833319 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-29 2) (trojan.rules)
2833320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-29 3) (trojan.rules)
2833321 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-29 4) (trojan.rules)
2833322 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-29 5) (trojan.rules)
2833323 - ETPRO TROJAN MSIL/Ubiquity Stealer Exfil via FTP (trojan.rules)
2833324 - ETPRO TROJAN SuckLoader Requesting Payload (trojan.rules)
2833325 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-29) (current_events.rules)
2833326 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-10-29 2) (current_events.rules)
2833327 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2833328 - ETPRO TROJAN Ursnif Variant CnC Beacon 10 M1 (trojan.rules)
2833329 - ETPRO TROJAN Ursnif Variant CnC Beacon 10 M1 (trojan.rules)
2833330 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-10-29 (current_events.rules)
2833331 - ETPRO CURRENT_EVENTS Successful Google Docs Phish 2018-10-29 (current_events.rules)
2833332 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-10-29 (current_events.rules)
2833333 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-10-29 (current_events.rules)
2833334 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound M1 2018-10-29 (current_events.rules)
2833335 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound M2 2018-10-29 (current_events.rules)
2833336 - ETPRO POLICY External IP Lookup Domain (installtotal .com) (policy.rules)
2833337 - ETPRO TROJAN VBS/Agent.Y CnC Checkin (trojan.rules)
2833338 - ETPRO USER_AGENTS VBS/Agent.Y UA Observed (Cactus/1.6) (user_agents.rules)

[///]     Modified active rules:     [///]

2013031 - ET POLICY Python-urllib/ Suspicious User Agent (policy.rules)
2830741 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup Domain (iptrackeronline .com) (policy.rules)
2833270 - ETPRO USER_AGENTS SuckLoader User-Agent Observed 2 (user_agents.rules)

Date: Monday, October 29, 2018 - 00:00