Daily Ruleset Update Summary 2017/01/10

[***] Summary: [***]

3 new Open signatures, 54 new Pro (3 + 51). Maktub, Zeus Panda, Cerber, VARIOUS PHISHING.

CVE to SID mapping for Adobe MAPP CVEs:

CVE-2017-2926 -> 2824302
CVE-2017-2927 -> 2824303
CVE-2017-2928 -> 2824304
CVE-2017-2931 -> 2824305
CVE-2017-2932 -> 2824306
CVE-2017-2933 -> 2824307
CVE-2017-2934 -> 2824308
CVE-2017-2935 -> 2824309
CVE-2017-2936 -> 2824310
CVE-2017-2937 -> 2824311
CVE-2017-2941 -> 2824312
CVE-2017-2947 -> 2824313
CVE-2017-2948 -> 2824314
CVE-2017-2949 -> 2824315
CVE-2017-2946 -> 2824316
CVE-2017-2950 -> 2824317
CVE-2017-2955 -> 2824318
CVE-2017-2957 -> 2824319
CVE-2017-2958 -> 2824320
CVE-2017-2960 -> 2824321
CVE-2017-2961 -> 2824322
CVE-2017-2963 -> 2824323
CVE-2017-2964 -> 2824324
CVE-2017-2965 -> 2824325
CVE-2017-2966 -> 2824326
CVE-2017-2967 -> 2824327

[+++]          Added rules:          [+++]

Open:

2023713 - ET INFO MP4 in HTTP Flowbit Set (info.rules)
2023714 - ET INFO ATF file in HTTP Flowbit Set (info.rules)
2023715 - ET INFO Adobe FDF in HTTP Flowbit Set (info.rules)

Pro:

2824301 - ETPRO CURRENT_EVENTS Possible Successful Paypal Phish Jan 09 2017 (current_events.rules)
2824302 - ETPRO WEB_CLIENT Possible Adobe Flash mp4 parsing OOB Memory Access (CVE-2017-2926) (web_client.rules)
2824303 - ETPRO WEB_CLIENT Possible Adobe Flash ATF parsing OOB Memory Access (CVE-2017-2927) (web_client.rules)
2824304 - ETPRO WEB_CLIENT Possible Adobe Flash OOB Memory Access (CVE-2017-2928) (web_client.rules)
2824305 - ETPRO WEB_CLIENT Possible Adobe Flash OOB Memory Access (CVE-2017-2931) (web_client.rules)
2824306 - ETPRO WEB_CLIENT Possible Adobe Flash UAF (CVE-2017-2932) (web_client.rules)
2824307 - ETPRO WEB_CLIENT Possible Adobe Flash ATF parsing OOB Memory Access (CVE-2017-2933) (web_client.rules)
2824308 - ETPRO WEB_CLIENT Possible Adobe Flash ATF parsing OOB Memory Access (CVE-2017-2934) (web_client.rules)
2824309 - ETPRO WEB_CLIENT Possible Adobe Flash FLV parsing OOB Memory Access (CVE-2017-2935) (web_client.rules)
2824310 - ETPRO WEB_CLIENT Possible Adobe Flash UAF (CVE-2017-2936) (web_client.rules)
2824311 - ETPRO WEB_CLIENT Possible Adobe Flash UAF (CVE-2017-2937) (web_client.rules)
2824312 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2941) (web_client.rules)
2824313 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2947) (web_client.rules)
2824314 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2948) (web_client.rules)
2824315 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2949) (web_client.rules)
2824316 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2946) (web_client.rules)
2824317 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2950) (web_client.rules)
2824318 - ETPRO WEB_CLIENT Possible Acrobat Reader JS Use After Free (CVE-2017-2955) (web_client.rules)
2824319 - ETPRO WEB_CLIENT Possible Acrobat Reader JS Use After Free (CVE-2017-2957) (web_client.rules)
2824320 - ETPRO WEB_CLIENT Possible Acrobat Reader JS Use After Free (CVE-2017-2958) (web_client.rules)
2824321 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption Attempt (CVE-2017-2960) (web_client.rules)
2824322 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2961) (web_client.rules)
2824323 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Memory Corruption (CVE-2017-2963) (web_client.rules)
2824324 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption Attempt (CVE-2017-2964) (web_client.rules)
2824325 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF OOB Memory Access (CVE-2017-2965) (web_client.rules)
2824326 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Memory Corruption (CVE-2017-2966) (web_client.rules)
2824327 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2017-2967) (web_client.rules)
2824328 - ETPRO TROJAN DNS Query to Cerber Domain (3p2gx6 . top) (trojan.rules)
2824329 - ETPRO TROJAN DNS Query to Cerber Domain (bds4sn . top) (trojan.rules)
2824330 - ETPRO TROJAN DNS Query to Cerber Domain (ac7zvz . top) (trojan.rules)
2824331 - ETPRO TROJAN DNS Query to Cerber Domain (5a5vmh . top) (trojan.rules)
2824332 - ETPRO TROJAN DNS Query to Cerber Domain (hzrekn . top) (trojan.rules)
2824333 - ETPRO TROJAN DNS Query to Cerber Domain (sz209n . bid) (trojan.rules)
2824334 - ETPRO TROJAN DNS Query to Cerber Domain (iyv3uw . top) (trojan.rules)
2824335 - ETPRO TROJAN DNS Query to Cerber Domain (1nc6uc . top) (trojan.rules)
2824336 - ETPRO TROJAN DNS Query to Cerber Domain (6x202r . top) (trojan.rules)
2824337 - ETPRO TROJAN DNS Query to Cerber Domain (2gayao . bid) (trojan.rules)
2824338 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 10 2017 (current_events.rules)
2824339 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 10 2017 (current_events.rules)
2824340 - ETPRO CURRENT_EVENTS Successful Free Mobile (FR) Phish Jan 10 2017 (current_events.rules)
2824341 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jan 10 2017 (current_events.rules)
2824342 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jan 10 2017 (current_events.rules)
2824343 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Jan 10 2017 (current_events.rules)
2824344 - ETPRO CURRENT_EVENTS Successful Paypal Phish M6 Jan 10 2017 (current_events.rules)
2824345 - ETPRO CURRENT_EVENTS Successful Vodafone Phish M1 Jan 10 2017 (current_events.rules)
2824346 - ETPRO CURRENT_EVENTS Successful Vodafone Phish M2 Jan 10 2017 (current_events.rules)
2824347 - ETPRO CURRENT_EVENTS Successful Vodafone Phish M3 Jan 10 2017 (current_events.rules)
2824348 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 10 2017 (current_events.rules)
2824349 - ETPRO CURRENT_EVENTS Successful RBC Phish Jan 10 2017 (current_events.rules)
2824350 - ETPRO TROJAN Maktub Locker TOR Status Check (trojan.rules)
2824351 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2022639 - ET TROJAN Possible Locky Ransomware Writing Encrypted File over - SMB and SMB-DS v2 (trojan.rules)
2822633 - ETPRO TROJAN Win32/Zacom.I CnC Checkin (trojan.rules)
2823263 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules)

[---]         Removed rules:         [---]

2822671 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 17 (current_events.rules)
2822915 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)

Date: Tuesday, January 10, 2017 - 00:00