Daily Ruleset Update Summary 2017/06/01

[***] Summary: [***]

1 new Open signature, 36 new Pro (1 + 35). CVE-2017-8917, Carbanak, Hidden-Tear, VARIOUS PHISHING.

[+++]          Added rules:          [+++]

Open:

2024342 - ET WEB_SPECIFIC_APPS Joomla 3.7.0 - Sql Injection (CVE-2017-8917) (web_specific_apps.rules)

Pro:

2826558 - ETPRO CURRENT_EVENTS Obfuscated Phishing Landing - Observed in Office 365 Phish May 31 2017 (current_events.rules)
2826559 - ETPRO CURRENT_EVENTS Outlook 365 Phishing Landing Request May 31 2017 (current_events.rules)
2826560 - ETPRO CURRENT_EVENTS Successful Santander Phish May 31 2017 (current_events.rules)
2826561 - ETPRO CURRENT_EVENTS Successful Orange.fr Phish May 31 2017 (current_events.rules)
2826562 - ETPRO TROJAN Hidden-Tear Ransomware Variant CnC Checkin (trojan.rules)
2826563 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 May 31 2017 (current_events.rules)
2826564 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 May 31 2017 (current_events.rules)
2826565 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017 (current_events.rules)
2826566 - ETPRO CURRENT_EVENTS Successful Office 365 Phish May 31 2017 (current_events.rules)
2826567 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 134 (mobile_malware.rules)
2826568 - ETPRO MOBILE_MALWARE Android.Adware.Vsaas.A Checkin (mobile_malware.rules)
2826569 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 135 (mobile_malware.rules)
2826570 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 136 (mobile_malware.rules)
2826571 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb CnC Beacon (mobile_malware.rules)
2826572 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 2 (mobile_malware.rules)
2826573 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP 2 (mobile_malware.rules)
2826574 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP (mobile_malware.rules)
2826575 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP 2 (mobile_malware.rules)
2826576 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP 3 (mobile_malware.rules)
2826577 - ETPRO TROJAN DNS Query to Cerber Domain (1fgywm . top) (trojan.rules)
2826578 - ETPRO TROJAN DNS Query to Cerber Domain (1kraqn . top) (trojan.rules)
2826579 - ETPRO TROJAN DNS Query to Cerber Domain (fgfid6 . win) (trojan.rules)
2826580 - ETPRO TROJAN DNS Query to Cerber Domain (1dq6nd . top) (trojan.rules)
2826581 - ETPRO TROJAN DNS Query to Cerber Domain (13qgdd . top) (trojan.rules)
2826582 - ETPRO TROJAN DNS Query to Cerber Domain (1bu9xu . top) (trojan.rules)
2826583 - ETPRO TROJAN DNS Query to Cerber Domain (to6maq . win) (trojan.rules)
2826584 - ETPRO TROJAN DNS Query to Cerber Domain (1lfyy4 . top) (trojan.rules)
2826585 - ETPRO TROJAN DNS Query to Cerber Domain (metpast . site) (trojan.rules)
2826586 - ETPRO TROJAN DNS Query to Cerber Domain (lfotp5 . win) (trojan.rules)
2826587 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 7 (mobile_malware.rules)
2826588 - ETPRO CURRENT_EVENTS Possible Ransom Payment Page Request (local .hta Referer) (current_events.rules)
2826589 - ETPRO MALWARE MSIL/TrojanDropper.Agent Download Request (malware.rules)
2826590 - ETPRO TROJAN Malicious JS Downloader Domain in SNI (trojan.rules)
2826591 - ETPRO TROJAN APT.Debbocs CnC Beacon (trojan.rules)
2826592 - ETPRO TROJAN Carbanak VBS/GGLDR v3 CnC Beacon (trojan.rules)

[///]     Modified active rules:     [///]

2017584 - ET TROJAN Chthonic Checkin (trojan.rules)
2018543 - ET CURRENT_EVENTS Neverquest/Vawtrak Posting Data (current_events.rules)
2810016 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin 4 (mobile_malware.rules)
2822329 - ETPRO TROJAN MSIL/Eskimo.A Steam PWS CnC Activity (trojan.rules)
2822890 - ETPRO TROJAN W32.Cerber Ransomware README.hta HTTP Referer (trojan.rules)
2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016 (current_events.rules)
2823722 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw Checkin via SMTP (mobile_malware.rules)
2826546 - ETPRO INFO Observed DNS Query for DDNS domain (camerakeeper .tv) (info.rules)
2826555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs Reporting via SMTP (mobile_malware.rules)

[---]  Disabled and modified rules:  [---]

2015561 - ET INFO PDF Using CCITTFax Filter (info.rules)

[---]         Removed rules:         [---]

2826548 - ETPRO TROJAN Observed Malicious JS Downloader SSL Cert (trojan.rules)
 

Date: Thursday, June 1, 2017 - 00:00