Daily Ruleset Update Summary 2017/06/29

[***]            Summary:            [***]

2 new Open, 30 new Pro (2 + 28). Suspicious FTP RETR to .hta, Possible WINS Server Remote Memory Corruption Vulnerability, Various Phishing, Various Mobile.

Thanks: @lowson

[+++]          Added rules:          [+++]

Open:

2024434 - ET CURRENT_EVENTS Suspicious FTP RETR to .hta file possible exploit (CVE-2017-0199) (current_events.rules)
2024435 - ET EXPLOIT Possible WINS Server Remote Memory Corruption Vulnerability (exploit.rules)

Pro:

2826846 - ETPRO MALWARE Win32/Mail.ru Downloader PUA (malware.rules)
2826928 - ETPRO TROJAN MSIL/SprRapty CnC Checkin (trojan.rules)
2826929 - ETPRO TROJAN MSIL/SprRapty Sending Screenshots (trojan.rules)
2826930 - ETPRO POLICY XMRig CoinMiner Usage (policy.rules)
2826931 - ETPRO TROJAN Idicaf CnC Beacon (trojan.rules)
2826932 - ETPRO MOBILE_MALWARE Android/Fobus.BD Checkin (mobile_malware.rules)
2826933 - ETPRO MOBILE_MALWARE Android/Fobus.BD Retrieving IP (mobile_malware.rules)
2826934 - ETPRO CURRENT_EVENTS Successful Stanford Phish Jun 29 2017 (current_events.rules)
2826935 - ETPRO CURRENT_EVENTS Successful 1&1 Phish Jun 29 2017 (current_events.rules)
2826936 - ETPRO CURRENT_EVENTS Successful Navy Federal Phish Jun 29 2017 (current_events.rules)
2826937 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish Jun 29 2017 (current_events.rules)
2826938 - ETPRO CURRENT_EVENTS Successful Comerica Bank Phish M1 Jun 29 2017 (current_events.rules)
2826939 - ETPRO CURRENT_EVENTS Successful Comerica Bank Phish M2 Jun 29 2017 (current_events.rules)
2826940 - ETPRO TROJAN AgentTesla Reporting Infection via FTP (trojan.rules)
2826941 - ETPRO TROJAN AgentTesla Sending Screenshot via FTP (trojan.rules)
2826942 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M1 Jun 29 2017 (current_events.rules)
2826943 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M2 Jun 29 2017 (current_events.rules)
2826944 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M3 Jun 29 2017 (current_events.rules)
2826945 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.aa Contact Exfil via SMTP 2 (mobile_malware.rules)
2826946 - ETPRO CURRENT_EVENTS Successful UPS Phish Jun 29 2017 (current_events.rules)
2826947 - ETPRO CURRENT_EVENTS Successful TD Bank Phish Jun 29 2017 (current_events.rules)
2826948 - ETPRO CURRENT_EVENTS Possible Netflix Phishing Landing - Title over non SSL (current_events.rules)
2826949 - ETPRO CURRENT_EVENTS Successful Netflix Phish M1 Jun 29 2017 (current_events.rules)
2826950 - ETPRO CURRENT_EVENTS Successful Netflix Phish M2 Jun 29 2017 (current_events.rules)
2826951 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs SMS/Contact via SMTP 2 (mobile_malware.rules)
2826952 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.hs SMS/Contact via SMTP 3 (mobile_malware.rules)
2826953 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 29 2017 (current_events.rules)
2826954 - ETPRO MOBILE_MALWARE Android Unknown Trojan Reporting via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2825239 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (trojan.rules)

[---]         Removed rules:         [---]

2826846 - ETPRO TROJAN Win32/Mail.ru Downloader PUA (trojan.rules)

Date: Thursday, June 29, 2017 - 00:00