Daily Ruleset Update Summary 2017/04/10

[***]            Summary:            [***]

5 new Open, 18 new Pro (5 + 13). CVE-2017-3881, RTF 0-day, Various Android

Thanks: MS_ISAC, @rmkml

[+++]          Added rules:          [+++]

2024192 - ET EXPLOIT Possible RTF 0-day HTA (exploit.rules)
2024193 - ET EXPLOIT Possible RTF 0-day HTA M2 (exploit.rules)
2024194 - ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881) (exploit.rules)
2024195 - ET WEB_CLIENT HTA File Download Flowbit Set (web_client.rules)
2024196 - ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential Office Exploit Attempt (web_client.rules)
2825831 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
2825832 - ETPRO MALWARE PUP Adware/Kraddare HTTP Request (malware.rules)
2825833 - ETPRO TROJAN Possible Win32/PSWTool.WebBrowserPassView.B Download From Free Hosting Service (trojan.rules)
2825834 - ETPRO MOBILE_MALWARE Android/SMForw.AC SMS Exfil (mobile_malware.rules)
2825835 - ETPRO MOBILE_MALWARE Android/Styricka.A CnC Beacon (mobile_malware.rules)
2825836 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup (mobile_malware.rules)
2825837 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 2 (mobile_malware.rules)
2825838 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 3 (mobile_malware.rules)
2825839 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 4 (mobile_malware.rules)
2825840 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 5 (mobile_malware.rules)
2825841 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 6 (mobile_malware.rules)
2825842 - ETPRO MOBILE_MALWARE Android/Koler.AS DNS Lookup 7 (mobile_malware.rules)
2825843 - ETPRO MOBILE_MALWARE Android/SMForw.RI CnC Beacon (mobile_malware.rules)

[///]     Modified active rules:     [///]

2011341 - ET TROJAN Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection (trojan.rules)
2017627 - ET TROJAN W32/Kegotip CnC Beacon (trojan.rules)
2023583 - ET TROJAN Known Malicious Doc Downloading Payload Dec 06 2016 (trojan.rules)
2825826 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (trojan.rules)

[---]         Disabled rules:        [---]

2012941 - ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf (current_events.rules)
2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)

Date: Monday, April 10, 2017 - 00:00