Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/02/13

[***]            Summary:            [***]

6 new Open, 18 new Pro (6 + 12). Suspicious Nameservers, Mendigos Stealer, Various SSL Certs, Various Phish.

[+++]          Added rules:          [+++]

Open:

2026902 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026903 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026904 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026905 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)
2026906 - ET TROJAN Possible Astaroth User-Agent Observed (trojan.rules)
2026907 - ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected (mobile_malware.rules)

Pro:

2834868 - ETPRO TROJAN MSIL.Mendigos Stealer (trojan.rules)
2834869 - ETPRO MALWARE Win32/Zpevdo.B PUP/PUA Reporting System Info (malware.rules)
2834870 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects) (trojan.rules)
2834871 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-13) (current_events.rules)
2834872 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-02-13 Domain (customsservices .xyz in TLS SNI) (current_events.rules)
2834873 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-13 (current_events.rules)
2834874 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-13 (current_events.rules)
2834875 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-02-13 (current_events.rules)
2834876 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-13 (current_events.rules)
2834877 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)
2834878 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)
2834879 - ETPRO INFO Suspicious Registrar Nameservers in DNS Response (internet .bs) (info.rules)

[///]     Modified active rules:     [///]

2834793 - ETPRO CURRENT_EVENTS Inbound JScript Executing Obfuscated Bitsadmin Job (current_events.rules)
2834849 - ETPRO TROJAN El Profiler CnC Checkin (trojan.rules)
2026901 - ET TROJAN Win32/Remcos RAT Checkin 84 (trojan.rules)

Date:
Summary title:
6 new Open, 18 new Pro (6 + 12). Suspicious Nameservers, Mendigos Stealer, Various SSL Certs, Various Phish.