Daily Ruleset Update Summary 2017/03/21

[***]            Summary:            [***]

1 new Open signature, 27 new Pro (1 + 26). Various Phishing, Various Android.

Thanks: @malwrhunterteam, Jeff H

[+++]          Added rules:          [+++]

Open:

2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 (current_events.rules)

Pro:

2825526 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Keitaro TDS Mar 17 2017 (current_events.rules)
2825527 - ETPRO TROJAN Hiloti Checkin (trojan.rules)
2825528 - ETPRO CURRENT_EVENTS Successful Gmail Phish M1 Mar 20 2017 (current_events.rules)
2825529 - ETPRO CURRENT_EVENTS Successful Gmail Phish M2 Mar 20 2017 (current_events.rules)
2825530 - ETPRO CURRENT_EVENTS Successful Gmail Phish M3 Mar 20 2017 (current_events.rules)
2825531 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Wahom.a CnC Beacon (mobile_malware.rules)
2825532 - ETPRO CURRENT_EVENTS Successful VBV Phish Mar 20 2017 (current_events.rules)
2825533 - ETPRO CURRENT_EVENTS Successful Steam Phish Mar 20 2017 (current_events.rules)
2825534 - ETPRO CURRENT_EVENTS Successful Discover Phish Mar 20 2017 (current_events.rules)
2825535 - ETPRO CURRENT_EVENTS Successful Microsoft Verify Email Phish Mar 20 2017 (current_events.rules)
2825536 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825537 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825538 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825539 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825540 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825541 - ETPRO TROJAN TorrentLocker C2 Domain (trojan.rules)
2825542 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ol Checkin (mobile_malware.rules)
2825543 - ETPRO TROJAN MSIL/LLTP Locker Ransomware CnC Activity (trojan.rules)
2825544 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin (mobile_malware.rules)
2825545 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 2 (mobile_malware.rules)
2825546 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.jb CnC Beacon (mobile_malware.rules)
2825547 - ETPRO TROJAN DustySky SSL Certificate Detected (trojan.rules)
2825548 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.v Checkin (mobile_malware.rules)
2825549 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.v Checkin 2 (mobile_malware.rules)
2825550 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (space .support-reg.space) (trojan.rules)
2825551 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (news . net-freaks.com) (trojan.rules)

[///]     Modified active rules:     [///]

2011338 - ET TROJAN Sality Variant Downloader Activity (3) (trojan.rules)
2013942 - ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) (web_server.rules)
2013943 - ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used) (web_server.rules)
2023748 - ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M4 (current_events.rules)
2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (web_specific_apps.rules)
2811967 - ETPRO TROJAN ReactorBot CnC Beacon (trojan.rules)
2819864 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Batmob.b Checkin (mobile_malware.rules)
2821725 - ETPRO TROJAN Win32/Agent.WTE HTTP CnC Beacon (trojan.rules)
2824934 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M2 (CVE-2017-2984) (web_client.rules)
2824935 - ETPRO WEB_CLIENT Possible Adobe Flash MP4 parsing OOB Memory Access M3 (CVE-2017-2984) (web_client.rules)
2825131 - ETPRO POLICY PUP/MiPony HTTP Request (policy.rules)
2825511 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bd Checkin (mobile_malware.rules)

[---]         Removed rules:         [---]

2021918 - ET TROJAN DustySky Checkin (trojan.rules)
2024094 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1 (web_specific_apps.rules)
2024095 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M2 (web_specific_apps.rules)
2024097 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M2 (web_specific_apps.rules)
2815336 - ETPRO TROJAN Unknown CnC Upload (trojan.rules)
2821335 - ETPRO CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 (current_events.rules)
 

Date: Tuesday, March 21, 2017 - 00:00