Daily Ruleset Update Summary 2018/11/01

[***]            Summary:            [***]

4 new Open, 34 new Pro (4 + 30). BlackTech/PLEAD TSCookie, Possible CVE-2018-4407, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026565 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M1 (trojan.rules)
2026566 - ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in DNS Lookup) (mobile_malware.rules)
2026567 - ET EXPLOIT Possible CVE-2018-4407 - Apple ICMP DoS PoC (exploit.rules)
2026568 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M2 (trojan.rules)

Pro:

2833391 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.y Reporting Infection via SMTP (mobile_malware.rules)
2833392 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ar Reporting Infection via SMTP (mobile_malware.rules)
2833393 - ETPRO MOBILE_MALWARE Android/GoldenTouch.A!tr Reporting Infection via SMTP (mobile_malware.rules)
2833394 - ETPRO TROJAN Win32/Banload.Downloader Variant CnC via IRC (trojan.rules)
2833395 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-01 1) (trojan.rules)
2833396 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-01 2) (trojan.rules)
2833397 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-01 3) (trojan.rules)
2833398 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-01 4) (trojan.rules)
2833399 - ETPRO TROJAN MSIL/TPA02 Process Listing (trojan.rules)
2833400 - ETPRO TROJAN EvilVNC Backdoor CnC Checkin (trojan.rules)
2833401 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2018-11-01 (current_events.rules)
2833402 - ETPRO TROJAN Observed Malicious SSL Cert (Qbot CnC) (trojan.rules)
2833403 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2018-11-01 (current_events.rules)
2833404 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2018-11-01 (current_events.rules)
2833405 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-11-01 (current_events.rules)
2833406 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-11-01 (current_events.rules)
2833407 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish 2018-11-01 (current_events.rules)
2833408 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-01 (current_events.rules)
2833409 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-11-01 (current_events.rules)
2833410 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-11-01 (current_events.rules)
2833411 - ETPRO TROJAN MSIL/Agent.QUC/Koi.Stealer Communicating with CnC M1 (trojan.rules)
2833413 - ETPRO CURRENT_EVENTS Invoke Obfuscated PowerShell Inbound M1 2018-11-01 (current_events.rules)
2833414 - ETPRO TROJAN Observed Malicious SSL Cert (RizzoRAT CnC Domain) (trojan.rules)
2833415 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Keylog File (trojan.rules)
2833416 - ETPRO TROJAN MSIL/SCBP.Stealer Uploading Passwords File (trojan.rules)
2833417 - ETPRO TROJAN MSIL/SCBP.Stealer Reporting Successful Password Upload (trojan.rules)
2833418 - ETPRO TROJAN MSIL/SCBP.Stealer CnC Checkin (trojan.rules)
2833419 - ETPRO TROJAN MSIL/SCBP.Stealer Sending Errors to CnC (Debug Enabled) (trojan.rules)
2833420 - ETPRO CURRENT_EVENTS Malicious Memory Inject PowerShell Inbound 2018-11-01 (current_events.rules)
2833421 - ETPRO CURRENT_EVENTS GreenFlash Sundown EK Landing Nov 2018 M1 (current_events.rules)

[///]     Modified active rules:     [///]

[---]  Disabled and modified rules:  [---]

2021749 - ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015 (current_events.rules)

[---]         Removed rules:         [---]

2829891 - ETPRO TROJAN PLEAD TScookie CnC Checkin (trojan.rules)

Date: Thursday, November 1, 2018 - 00:00