Daily Ruleset Update Summary 2017/03/15

[***]            Summary:            [***]

8 new Open signatures, 20 new Pro (8 + 12). Cryptfile2, Various Phishing, Various Android

[+++]          Added rules:          [+++]

2024056 - ET TROJAN Win32/CryptFile2 Ransomware Checkin M3 (trojan.rules)
2024057 - ET SHELLCODE Linux/x86-64 - Polymorphic Flush IPTables Shellcode (shellcode.rules)
2024058 - ET SHELLCODE Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (shellcode.rules)
2024059 - ET CURRENT_EVENTS Successful iCloud Phish Mar 15 2017 (current_events.rules)
2024060 - ET CURRENT_EVENTS Successful Apple Phish M1 Mar 15 2017 (current_events.rules)
2024061 - ET CURRENT_EVENTS Successful Apple Phish M2 Mar 15 2017 (current_events.rules)
2024062 - ET EXPLOIT IBM WebSphere - RCE Java Deserialization (exploit.rules)
2024063 - ET EXPLOIT HP Smart Storage Administrator Remote Command Injection (exploit.rules)
2825462 - ETPRO TROJAN MSIL/Karmen Ransomware CnC Activity (trojan.rules)
2825463 - ETPRO CURRENT_EVENTS Successful Facebook Phish Mar 15 2017 (current_events.rules)
2825464 - ETPRO CURRENT_EVENTS Successful Orange.fr Webmail Phish Mar 15 2017 (current_events.rules)
2825465 - ETPRO TROJAN Unknown MalDoc DNS Lookup (trojan.rules)
2825466 - ETPRO CURRENT_EVENTS Successful Free.fr Phish M1 Mar 15 2017 (current_events.rules)
2825467 - ETPRO CURRENT_EVENTS Successful Free.fr Phish M2 Mar 15 2017 (current_events.rules)
2825468 - ETPRO CURRENT_EVENTS Successful Free.fr Phish M3 Mar 15 2017 (current_events.rules)
2825469 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.T Checkin (mobile_malware.rules)
2825470 - ETPRO TROJAN Win32/Acronym Checkin (trojan.rules)
2825471 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.bc Checkin (mobile_malware.rules)
2825472 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.OD CnC Beacon (mobile_malware.rules)
2825473 - ETPRO MOBILE_MALWARE Android.KorBanker CnC Beacon 4 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2810582 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 (trojan.rules)
2822908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)

[---]         Removed rules:         [---]

2825433 - ETPRO EXPLOIT Possible Edge OOB Read Vulnerability (CVE-2017-0131) (exploit.rules)
 

Date: Wednesday, March 15, 2017 - 00:00