Daily Ruleset Update Summary 2017/07/11

[***]            Summary:            [***]

3 new Open, 38 new Pro (3 + 35). MAPP, Andromeda HTA Downloader, Various Phishing, Various Mobile.

Thanks: @malwrhunterteam

CVE to ET Sid mapping for MAPP:

2827087 -> CVE-2017-3099
2827088 -> CVE-2017-3099
2827089 -> CVE-2017-3100
2827090 -> CVE-2017-0243
2827091 -> CVE-2017-8577
2827092 -> CVE-2017-8578
2827093 -> CVE-2017-8524
2827094 -> CVE-2017-8598
2827095 -> CVE-2017-8601
2827096 -> CVE-2017-8605
2827097 -> CVE-2017-8617
2827098 -> CVE-2017-8618
2827099 -> CVE-2017-8619

[+++]          Added rules:          [+++]

Open:

2024453 - ET CURRENT_EVENTS Possible Capitech Internet Banking Phishing Landing - Title over non SSL (current_events.rules)
2024454 - ET TROJAN CoinMiner Known Malicious Stratum Authline (2017-07-11) (trojan.rules)
2024455 - ET TROJAN MSIL/Unk.Stealer Data Exfil Via HTTP (trojan.rules)

Pro:

2827072 - ETPRO TROJAN Cerber Blockchain Query 2 (trojan.rules)
2827073 - ETPRO CURRENT_EVENTS Successful Norton Email Scan Phish Jul 11 2017 (current_events.rules)
2827074 - ETPRO CURRENT_EVENTS Successful Norton Email Scan Phish - Payment Information Submitted Jul 11 2017 (current_events.rules)
2827075 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Jul 11 2017 (current_events.rules)
2827076 - ETPRO CURRENT_EVENTS Successful Capitec Internet Banking Phish Jul 11 2017 (current_events.rules)
2827077 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Jul 11 2017 (current_events.rules)
2827078 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Jul 11 2017 (current_events.rules)
2827079 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Jul 11 2017 (current_events.rules)
2827080 - ETPRO CURRENT_EVENTS Successful Blockchain Phish - POST to Title over non SSL (current_events.rules)
2827081 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 174 (mobile_malware.rules)
2827082 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017 (current_events.rules)
2827083 - ETPRO CURRENT_EVENTS Successful OWA Phish Jul 11 2017 (current_events.rules)
2827084 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827085 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827086 - ETPRO CURRENT_EVENTS Possible Watering Hole Targeting Energy Industry Jul 11 2017 (current_events.rules)
2827087 - ETPRO EXPLOIT Adobe Flash Action Script 3 OOB flowbits set (CVE-2017-3099) (exploit.rules)
2827088 - ETPRO EXPLOIT Adobe Flash Action Script 3 OOB (CVE-2017-3099) (exploit.rules)
2827089 - ETPRO EXPLOIT Action Script 2 BitmapData OOB (CVE-2017-3100) (exploit.rules)
2827090 - ETPRO EXPLOIT MS Word Memory Corruption Vuln (CVE-2017-0243) (exploit.rules)
2827091 - ETPRO WEB_CLIENT MS Windows Unsane Memory Access Vuln (CVE-2017-8577) (web_client.rules)
2827092 - ETPRO WEB_CLIENT MS Windows Unsane Memory Access Vuln (CVE-2017-8578) (web_client.rules)
2827093 - ETPRO WEB_CLIENT IE11 Type Confusion Vuln (CVE-2017-8524) (web_client.rules)
2827094 - ETPRO WEB_CLIENT MS Edge Uninitialized Memory Vuln (CVE-2017-8598) (web_client.rules)
2827095 - ETPRO WEB_CLIENT MS Edge Chakra Core Type Confusion Vuln (CVE-2017-8601) (web_client.rules)
2827096 - ETPRO WEB_CLIENT MS Edge Use-After-Free Vuln (CVE-2017-8605) (web_client.rules)
2827097 - ETPRO WEB_CLIENT MS Edge Type Confusion Vuln (CVE-2017-8617) (web_client.rules)
2827098 - ETPRO WEB_CLIENT MS Edge Out-of-Bounds Vuln (CVE-2017-8618) (web_client.rules)
2827099 - ETPRO WEB_CLIENT MS Edge Out-of-Bounds Write Vuln (CVE-2017-8619) (web_client.rules)
2827100 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827101 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827102 - ETPRO CURRENT_EVENTS Successful Schoolmessenger Phish Jul 11 2017 (current_events.rules)
2827103 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 5 (mobile_malware.rules)
2827104 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 6 (mobile_malware.rules)
2827105 - ETPRO TROJAN Andromeda HTA Downloader Stage 1 (trojan.rules)
2827106 - ETPRO TROJAN Andromeda HTA Downloader Stage 3 (trojan.rules)

[///]     Modified active rules:     [///]

2823624 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz Contacts Exfil via SMTP (mobile_malware.rules)
2826518 - ETPRO TROJAN DNS Query matching Cerber Domain Format (trojan.rules)
2827005 - ETPRO MALWARE W32.DriverPack PUP Checkin (malware.rules)

[---]         Disabled rules:        [---]

2013289 - ET POLICY MOBILE Apple device leaking UDID from SpringBoard (policy.rules)

[---]         Removed rules:         [---]

2023676 - ET TROJAN Cerber Bitcoin Address Check (trojan.rules)
2822804 - ETPRO TROJAN DiamondFox HTTP POST CnC Checkin 2 (trojan.rules)

Date: Tuesday, July 11, 2017 - 00:00