Daily Ruleset Update Summary 2017/03/20

[***]            Summary:            [***]

4 new Open signatures, 22 new Pro (4 + 18). Struts2 Vuln, Snow RAT, Various Phishing, Various Android

[+++]          Added rules:          [+++]

Open:

2024094 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1 (web_specific_apps.rules)
2024095 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M2 (web_specific_apps.rules)
2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
2024097 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M2 (web_specific_apps.rules)

Pro:

2825506 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Payload Mar 19 2017 (current_events.rules)
2825507 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (trojan.rules)
2825508 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon (mobile_malware.rules)
2825509 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 2 (mobile_malware.rules)
2825510 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 3 (mobile_malware.rules)
2825511 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bd Checkin (mobile_malware.rules)
2825512 - ETPRO TROJAN Ursnif Module Download (trojan.rules)
2825513 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bz CnC Beacon (mobile_malware.rules)
2825514 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.J Checkin (mobile_malware.rules)
2825515 - ETPRO TROJAN MSIL/Snow RAT CnC (Update) (trojan.rules)
2825516 - ETPRO TROJAN MSIL/Snow RAT CnC (ID) (trojan.rules)
2825517 - ETPRO TROJAN MSIL/Snow RAT CnC (LS) (trojan.rules)
2825520 - ETPRO TROJAN MSIL/TrojanDownloader.Agent.PLJ Download (trojan.rules)
2825521 - ETPRO TROJAN Win32/TrojanDownloader.Perkesh.J CnC Beacon (trojan.rules)
2825522 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin (mobile_malware.rules)
2825523 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 2 (mobile_malware.rules)
2825524 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.SO Checkin 3 (mobile_malware.rules)
2825525 - ETPRO MOBILE_MALWARE Android.Trojan.Triada.J Checkin 2 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2016932 - ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic (trojan.rules)
2821479 - ETPRO MOBILE_MALWARE Android/Agent.YF Checkin (mobile_malware.rules)
2824449 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit Jan 17 (current_events.rules)
2825458 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
 

Date: Monday, March 20, 2017 - 00:00