Daily Ruleset Update Summary 2017/06/13

[***]            Summary:            [***]

4 new Open, 36 new Pro (4 + 32). MAPP, Various Phishing, Various Mobile.

Thanks: @nao_sec

CVE to ET Sid mapping for MAPP:

2826724->CVE-2017-8464
2826725->CVE-2017-0215
2826726->CVE-2017-8496
2826727->CVE-2017-8497
2826728->CVE-2017-8524
2826729->CVE-2017-8529
2826730->CVE-2017-8547
2826731->CVE-2017-3078
2826732->CVE-2017-3079
2826733->CVE-2017-3079
2826734->CVE-2017-3081
2826735->CVE-2017-3081
2826736->CVE-2017-3081
2826737->CVE-2017-3082
2826738->CVE-2017-3083
2826739->CVE-2017-3084
2826740->CVE-2009-2526
2826741->CVE-2017-7269

[+++]          Added rules:          [+++]

Open:

2024378 - ET TROJAN X-Malware-Sinkhole Header in HTTP Response (trojan.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2024380 - ET CURRENT_EVENTS Nemucod JS Downloader June 122017 (current_events.rules)
2024381 - ET CURRENT_EVENTS RIG EK URI Struct Jun 132017 (current_events.rules)

Pro:

2826710 - ETPRO CURRENT_EVENTS Successful OWA Phish Jun 122017 (current_events.rules)
2826711 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish M1 Jun 122017 (current_events.rules)
2826712 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish M2 Jun 122017 (current_events.rules)
2826713 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 147 (mobile_malware.rules)
2826714 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 148 (mobile_malware.rules)
2826715 - ETPRO MOBILE_MALWARE Android GhostPush Checkin 8 (mobile_malware.rules)
2826716 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.bq CnC Beacon (mobile_malware.rules)
2826717 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.az CnC Beacon (mobile_malware.rules)
2826718 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Simpo.az CnC Beacon 2 (mobile_malware.rules)
2826719 - ETPRO TROJAN Andromeda CnC 3 (trojan.rules)
2826720 - ETPRO MOBILE_MALWARE Android BankBot Checkin 11 (mobile_malware.rules)
2826721 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 7 (mobile_malware.rules)
2826722 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Contact Exfil via SMTP 5 (mobile_malware.rules)
2826723 - ETPRO TROJAN Win32/Filecoder CnC Beacon (trojan.rules)
2826724 - ETPRO EXPLOIT Windows 10 LNK RCE (CVE-2017-8464) (exploit.rules)
2826725 - ETPRO EXPLOIT Windows Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2017-0215) (exploit.rules)
2826726 - ETPRO WEB_CLIENT MS Edge UAF (CVE-2017-8496) (web_client.rules)
2826727 - ETPRO WEB_CLIENT Edge Type Confusion RCE Vuln (CVE-2017-8497) (web_client.rules)
2826728 - ETPRO WEB_CLIENT Edge Type Confusion Vuln (CVE-2017-8524) (web_client.rules)
2826729 - ETPRO WEB_CLIENT Print Preview Info Disclosure Vuln (CVE-2017-8529) (web_client.rules)
2826730 - ETPRO WEB_CLIENT Print Preview Info Disclosure Vuln (CVE-2017-8547) (web_client.rules)
2826731 - ETPRO EXPLOIT Adobe ATF Memory Corruption (CVE-2017-3078) (exploit.rules)
2826732 - ETPRO EXPLOIT Adobe Flash Raster OOB M1 (CVE-2017-3079) (exploit.rules)
2826733 - ETPRO EXPLOIT Adobe Flash Raster OOB M2 (CVE-2017-3079) (exploit.rules)
2826734 - ETPRO EXPLOIT Adobe Flash Display List Structure UAF M1 (CVE-2017-3081) (exploit.rules)
2826735 - ETPRO EXPLOIT Adobe Flash Display List Structure UAF M2 (CVE-2017-3081) (exploit.rules)
2826736 - ETPRO EXPLOIT Adobe Flash Display List Structure UAF M3 (CVE-2017-3081) (exploit.rules)
2826737 - ETPRO EXPLOIT Adobe Flash Memory Corruption (CVE-2017-3082) (exploit.rules)
2826738 - ETPRO EXPLOIT Adobe Flash Primtime SDK UAF (CVE-2017-3083) (exploit.rules)
2826739 - ETPRO EXPLOIT Adobe Flash AdvertisingMetadata UAF (CVE-2017-3084) (exploit.rules)
2826740 - ETPRO DOS SMB2 CPU exhaustion (CVE-2009-2526) (dos.rules)
2826741 - ETPRO EXPLOIT Windows IIS Webdav RCE (CVE-2017-7269) (exploit.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2018028 - ET TROJAN W32/Madness Checkin (trojan.rules)
2024364 - ET SCAN Possible Nmap User-Agent Observed (scan.rules)
2826677 - ETPRO MOBILE_MALWARE Android BankBot Checkin 9 (mobile_malware.rules)
2826678 - ETPRO MOBILE_MALWARE Android BankBot Checkin 10 (mobile_malware.rules)
2826704 - ETPRO TROJAN OSX/Spy.MacSpy DNS Query (trojan.rules)

[---]         Removed rules:         [---]

2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
 

Date: Tuesday, June 13, 2017 - 00:00