Daily Ruleset Update Summary 2017/06/19

[***]            Summary:            [***]

11 new Open, 28 new Pro (11 + 17). Pegasus DNS Lookups, CVE-2017-8514, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024405 - ET TROJAN Possible Pegasus Related DNS Lookup (secure-access10 .mx) (trojan.rules)
2024406 - ET TROJAN Possible Pegasus Related DNS Lookup (network190 .com) (trojan.rules)
2024407 - ET TROJAN Possible Pegasus Related DNS Lookup (mymensaje-sms .com) (trojan.rules)
2024408 - ET TROJAN Possible Pegasus Related DNS Lookup (smscentro .com) (trojan.rules)
2024409 - ET TROJAN Possible Pegasus Related DNS Lookup (ideas-telcel . com.mx) (trojan.rules)
2024410 - ET TROJAN Possible Pegasus Related DNS Lookup (twiitter .com.mx) (trojan.rules)
2024411 - ET MOBILE_MALWARE Android.Dropper.Abd Checkin (mobile_malware.rules)
2024412 - ET EXPLOIT Possible SharePoint XSS (CVE-2017-8514) Inbound (exploit.rules)
2024413 - ET CURRENT_EVENTS CVE-2017-0199 Common Obfus Stage 2 DL (current_events.rules)
2024414 - ET CURRENT_EVENTS RIG EK Broken/Filtered Payload Download Jun 19 2017 (current_events.rules)
2024415 - ET WEB_CLIENT Possible BeEF Module in use (web_client.rules)

Pro:

2826783 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 152 (mobile_malware.rules)
2826784 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 153 (mobile_malware.rules)
2826785 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.Inazun.h CnC Beacon (mobile_malware.rules)
2826786 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.Inazun.h CnC Beacon 2 (mobile_malware.rules)
2826787 - ETPRO TROJAN Unknown Targeted MSIL Payload CnC Beacon (trojan.rules)
2826788 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fh Contact Exfil via SMTP (mobile_malware.rules)
2826789 - ETPRO TROJAN DNS Query to Cerber Domain (1p5fwl . top) (trojan.rules)
2826790 - ETPRO TROJAN DNS Query to Cerber Domain (086ux2 . top) (trojan.rules)
2826791 - ETPRO TROJAN DNS Query to Cerber Domain (12nwsv . top) (trojan.rules)
2826792 - ETPRO TROJAN DNS Query to Cerber Domain (1gqrpq . top) (trojan.rules)
2826793 - ETPRO TROJAN DNS Query to Cerber Domain (15u3kg . top) (trojan.rules)
2826794 - ETPRO TROJAN DNS Query to Cerber Domain (11bwgu . top) (trojan.rules)
2826795 - ETPRO TROJAN DNS Query to Cerber Domain (bcjl1h . top) (trojan.rules)
2826796 - ETPRO TROJAN DNS Query to Cerber Domain (uwckha . top) (trojan.rules)
2826797 - ETPRO TROJAN DNS Query to Cerber Domain (1gredn . top) (trojan.rules)
2826798 - ETPRO TROJAN DNS Query to Cerber Domain (1aqq5k . top) (trojan.rules)
2826799 - ETPRO TROJAN Win32/TrojanDownloader.Blocrypt Checkin 2 (trojan.rules)

[///]     Modified active rules:     [///]

2018303 - ET CURRENT_EVENTS Possible iTunes Phishing Landing - Title over non SSL (current_events.rules)
2020332 - ET CURRENT_EVENTS Possible Dropbox Phishing Landing - Title over non SSL (current_events.rules)
2815145 - ETPRO CURRENT_EVENTS Possible Chase Phishing Landing - Title over non SSL (current_events.rules)
 

Date: Monday, June 19, 2017 - 00:00