Daily Ruleset Update Summary 2017/04/24

[***]            Summary:            [***]

3 new Open, 18 new Pro (3 + 15). HoeflerText DriveBy, Edge SOP UXSS, Docm File Autolaunch from PDF, Various Phishing, Various Mobile

Thanks: Kevin Ross, Jeff H

[+++]          Added rules:          [+++]

Open:

2024236 - ET INFO SMTP PDF Attachment Flowbit Set (info.rules)
2024237 - ET CURRENT_EVENTS ElTest Exploit Kit Redirection Script (current_events.rules)
2024238 - ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download Attempt (current_events.rules)

Pro:

2826083 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M1 (trojan.rules)
2826084 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M2 (trojan.rules)
2826085 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M3 (trojan.rules)
2826086 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Apr 21 2017 (current_events.rules)
2826087 - ETPRO CURRENT_EVENTS Evil Redirector Leading to Malicious Download Apr 19 2017 (current_events.rules)
2826088 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish Apr 24 2017 (current_events.rules)
2826089 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 78 (mobile_malware.rules)
2826090 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 79 (mobile_malware.rules)
2826091 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 80 (mobile_malware.rules)
2826092 - ETPRO EXPLOIT Possible Edge SOP Bypass UXSS (exploit.rules)
2826093 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.AXD CnC Beacon (mobile_malware.rules)
2826094 - ETPRO TROJAN Unknown MalDoc Drop CnC Callback (trojan.rules)
2826095 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Apr 24 2017 (current_events.rules)
2826096 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Apr 24 2017 (current_events.rules)
2826097 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Apr 24 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2020786 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 85 (trojan.rules)
2023576 - ET TROJAN Locky CnC Checkin Dec 5 M1 (trojan.rules)
2815189 - ETPRO MOBILE_MALWARE Android/Agent.OS Checkin (mobile_malware.rules)
2826055 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh DNS Lookup (mobile_malware.rules)
 

Date: Monday, April 24, 2017 - 00:00