Daily Ruleset Update Summary 2017/03/03

[***] Summary: [***]

26 new Pro signatures. Phishing, Helminth/Oilrig, Win32/Unk.

[+++]          Added rules:          [+++]

2825210 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-02 1) (trojan.rules)
2825211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-02 2) (trojan.rules)
2825212 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-02 3) (trojan.rules)
2825213 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-02 4) (trojan.rules)
2825214 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-03-02 5) (trojan.rules)
2825215 - ETPRO CURRENT_EVENTS Successful Amazon Phish M1 Mar 02 2017 (current_events.rules)
2825216 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Mar 02 2017 (current_events.rules)
2825217 - ETPRO CURRENT_EVENTS Successful Generic Webmail Signin Phish Mar 02 2017 (current_events.rules)
2825218 - ETPRO CURRENT_EVENTS Successful Natwest Phish M1 Mar 02 2017 (current_events.rules)
2825219 - ETPRO CURRENT_EVENTS Successful Natwest Phish M2 Mar 02 2017 (current_events.rules)
2825220 - ETPRO CURRENT_EVENTS Successful Natwest Phish M3 Mar 02 2017 (current_events.rules)
2825221 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 02 2017 (current_events.rules)
2825222 - ETPRO MOBILE_MALWARE AndroidOS/Agent.UG Checkin (mobile_malware.rules)
2825223 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo SMS/Contacts Exfil via SMTP (mobile_malware.rules)
2825224 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo SMS/Contacts Exfil via SMTP 2 (mobile_malware.rules)
2825225 - ETPRO MOBILE_MALWARE Android/SMSreg.RA Checkin 2 (mobile_malware.rules)
2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)
2825227 - ETPRO TROJAN Helminth/Oilrig CnC Beacon POST (trojan.rules)
2825228 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.em CnC Beacon (mobile_malware.rules)
2825229 - ETPRO TROJAN MalDoc Downloader .onion Proxy Domain (trojan.rules)
2825230 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.E CnC Beacon (mobile_malware.rules)
2825231 - ETPRO CURRENT_EVENTS Successful Google Spain Phish Mar 03 2017 (current_events.rules)
2825232 - ETPRO CURRENT_EVENTS Successful Chase Phish Mar 03 2017 (current_events.rules)
2825233 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Mar 03 2017 (current_events.rules)
2825234 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Mar 03 2017 (current_events.rules)
2825235 - ETPRO CURRENT_EVENTS Win32/Unk.Downloader Retrieving Payload Mar 3 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2020826 - ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request (current_events.rules)

[///]    Modified inactive rules:    [///]

2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (info.rules)

[---]  Disabled and modified rules:  [---]

2011891 - ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Tags Remote Code Execution Attempt (web_client.rules)
2822536 - ETPRO WEB_CLIENT Possible Microsoft Edge Memory Corruption Vulnerability M2 (CVE-2016-7190) (web_client.rules)
2824933 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M1 (CVE-2017-2984) (web_client.rules)
2824939 - ETPRO EXPLOIT Flash Player Heap Overflow (CVE-2017-2992) (exploit.rules)

[---]         Removed rules:         [---]

2816352 - ETPRO CURRENT_EVENTS Possible Angler EK Landing Feb 23 M3 (current_events.rules)
2822983 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 28 2016 (current_events.rules)
 

Date: Friday, March 3, 2017 - 00:00