[***]            Summary:            [***]

9 new Open, 29 new Pro (9 + 20). Powerstats, SYSCON, Apoxas Stealer, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026673 - ET TROJAN IcedID WebSocket Request (trojan.rules)
2026674 - ET INFO Minimal HTTP GET Request to Bit.ly (info.rules)
2026675 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29 (current_events.rules)
2026676 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29 (current_events.rules)
2026677 - ET CURRENT_EVENTS Inbound PowerShell Executing Base64 Decoded VBE from Temp 2018-11-29 (current_events.rules)
2026678 - ET CURRENT_EVENTS Observed Malicious SSL Cert (POWERSTATS Proxy CnC) (current_events.rules)
2026679 - ET CURRENT_EVENTS Observed Malicious SSL Cert (POWERSTATS Proxy CnC) (current_events.rules)
2026680 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
2026681 - ET TROJAN DNSpionage Requesting Config (trojan.rules)

Pro:

2833702 - ETPRO TROJAN Zebrocy CnC Checkin M3 (trojan.rules)
2833703 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-11-29 1) (trojan.rules)
2833704 - ETPRO TROJAN Observed Malicious SSL Cert (Zebrocy CnC) (trojan.rules)
2833705 - ETPRO TROJAN SYSCON FTP Retrieving Config (trojan.rules)
2833706 - ETPRO TROJAN SYSCON FTP Config Inbound (trojan.rules)
2833707 - ETPRO TROJAN SYSCON FTP Windows Log Exfil (trojan.rules)
2833708 - ETPRO TROJAN SYSCON FTP Process Log Exfil (trojan.rules)
2833709 - ETPRO TROJAN SYSCON FTP Screenshot Exfil (trojan.rules)
2833710 - ETPRO TROJAN Apoxas Stealer Exfil via FTP (trojan.rules)
2833711 - ETPRO CURRENT_EVENTS Successful Santander Phish 2018-11-29 (current_events.rules)
2833712 - ETPRO CURRENT_EVENTS Successful Discover Phish 2018-11-29 (current_events.rules)
2833713 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2018-11-29 (current_events.rules)
2833714 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-11-29 (current_events.rules)
2833715 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-11-29 (current_events.rules)
2833716 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-11-29 (current_events.rules)
2833717 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2018-11-29 (current_events.rules)
2833718 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-29 (current_events.rules)
2833719 - ETPRO CURRENT_EVENTS Successful Apple Credit Card Information Phish 2018-11-29 (current_events.rules)
2833720 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-11-29 (current_events.rules)
2833721 - ETPRO CURRENT_EVENTS Successful Facebook Credit Card Information Phish 2018-11-29 (current_events.rules)

[///]     Modified active rules:     [///]

2026557 - ET TROJAN DNS Query for DNSpionage CnC Domain (trojan.rules)
2829988 - ETPRO POLICY Observed MS Certutil User-Agent in HTTP Request (policy.rules)
2832030 - ETPRO TROJAN SYSCON Data Exfil via FTP (trojan.rules)

Date: Thursday, November 29, 2018 - 00:00