Daily Ruleset Update Summary 2017/05/08

[***]            Summary:            [***]

3 new Open, 19 new Pro (3 + 16). NewHT Ransomware, IsmDoor, Intel AMT, Various Mobile.

Thanks: @esentire

[+++]          Added rules:          [+++]

Open:

2024280 - ET TROJAN MSIL/NewHT Ransomware CnC Checkin (trojan.rules)
2024281 - ET TROJAN Known Hostile Domain ant.trenz .pl Lookup (trojan.rules)
2024282 - ET EXPLOIT Intel AMT Login Attempt Detected (CVE 2017-5689) (exploit.rules)

Pro:

2826282 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2826283 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2826284 - ETPRO TROJAN IsmDoor DNS C2 Initial Data Sent (trojan.rules)
2826285 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 3 (trojan.rules)
2826286 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 4 (trojan.rules)
2826287 - ETPRO TROJAN IsmDoor DNS C2 Checkin Stage 5 (trojan.rules)
2826288 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2826289 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2826290 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 4 (mobile_malware.rules)
2826291 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 08 2017 (current_events.rules)
2826292 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 3 (mobile_malware.rules)
2826293 - ETPRO TROJAN Win32/Bondnet Checkin (trojan.rules)
2826294 - ETPRO MOBILE_MALWARE Android.Trojan.Lotus.A GPS Location Exfil via SMTP (mobile_malware.rules)
2826295 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826296 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP Checkin (trojan.rules)
2826297 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2001622 - ET ACTIVEX winhlp32 ActiveX control attack - phase 1 (activex.rules)
2001623 - ET ACTIVEX winhlp32 ActiveX control attack - phase 2 (activex.rules)
2001624 - ET ACTIVEX winhlp32 ActiveX control attack - phase 3 (activex.rules)
2012730 - ET TROJAN Known Hostile Domain ilo.brenz .pl Lookup (trojan.rules)
2015559 - ET CURRENT_EVENTS Cridex Self Signed SSL Certificate (TR Some-State Internet Widgits) (current_events.rules)
2826233 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 (mobile_malware.rules)
2826281 - ETPRO TROJAN IsmDoor DNS C2 Initial Checkin (trojan.rules)

[---]         Disabled rules:        [---]

2024277 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M1 (web_specific_apps.rules)

[---]         Removed rules:         [---]

2826235 - ETPRO SCAN Possible Intel AMT Login Attempt Detected (scan.rules)
2826250 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 2 (mobile_malware.rules)

Date: Monday, May 8, 2017 - 00:00