Daily Ruleset Update Summary 2017/03/13

[***]            Summary:            [***]

5 new Open signatures, 16 new Pro (5 + 11). Rig updates, APT.ZeroT update, Various Phishing

Thanks: @illegalFawn

[+++]          Added rules:          [+++]

2024045 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 (web_specific_apps.rules)
2024046 - ET CURRENT_EVENTS Successful Paypal Phish Mar 13 2017 (current_events.rules)
2024047 - ET CURRENT_EVENTS Successful National Bank Phish Mar 13 2017 (current_events.rules)
2024048 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 (current_events.rules)
2024049 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 (current_events.rules)
2825363 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish Mar 13 2017 (current_events.rules)
2825364 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Mar 13 2017 (current_events.rules)
2825365 - ETPRO TROJAN APT.ZeroT CnC Beacon Fake User-Agent (trojan.rules)
2825366 - ETPRO CURRENT_EVENTS Adobe Shared Document Phishing Landing Mar 13 2017 (current_events.rules)
2825367 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Mar 13 2017 (current_events.rules)
2825368 - ETPRO CURRENT_EVENTS Successful Instagram Phish Mar 13 2017 (current_events.rules)
2825369 - ETPRO CURRENT_EVENTS Successful Amazon Phish Mar 13 2017 (current_events.rules)
2825370 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 13 2017 (current_events.rules)
2825371 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A CNC Beacon (mobile_malware.rules)
2825372 - ETPRO MOBILE_MALWARE Android.KorBanker CnC Beacon 2 (mobile_malware.rules)
2825373 - ETPRO MOBILE_MALWARE Android.KorBanker CnC Beacon 3 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2023476 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)
2023697 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M2 Jan 05 2017 (current_events.rules)
2023740 - ET TROJAN Possible Pony Payload DL (trojan.rules)
2024044 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 (web_specific_apps.rules)
2821028 - ETPRO TROJAN APT.ZeroT CnC Beacon HTTP POST (trojan.rules)
2825339 - ETPRO TROJAN Downloader/Stengol CnC Beacon (trojan.rules)
2825357 - ETPRO TROJAN DroppingElephant MSIL/Druixey CnC Beacon 1 (trojan.rules)
 

Date: Monday, March 13, 2017 - 00:00