Daily Ruleset Update Summary 2017/08/02

[***]            Summary:            [***]

4 new Open, 12 new Pro (4 + 9). SMBLoris, JS_POWMET, Foudre, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2024509 - ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup (mobile_malware.rules)
2024510 - ET DOS Possible SMBLoris NBSS Length Mem Exhaustion Vuln Inbound (dos.rules)
2024511 - ET DOS SMBLoris NBSS Length Mem Exhaustion Attempt (PoC Based) (dos.rules)
2024512 - ET TROJAN Observed Malicious Domain SSL Cert in SNI (JS_POWMET) (trojan.rules)

Pro:

2827371 - ETPRO TROJAN MSIL/TbhBot CnC Checkin (trojan.rules)
2827372 - ETPRO TROJAN Observed Malicious SSL Cert (Orcus RAT CnC) (trojan.rules)
2827373 - ETPRO TROJAN Win32 Unknown CnC Activity (trojan.rules)
2827374 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin Attempt (trojan.rules)
2827375 - ETPRO TROJAN Foudre Checkin 2 (trojan.rules)
2827376 - ETPRO TROJAN Foudre Checkin 1 (trojan.rules)
2827377 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.dj / ANDROIDOS_LEAKERLOCKER.HRX CnC Beacon (mobile_malware.rules)
2827378 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin (mobile_malware.rules)
2827379 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin 2 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2019842 - ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve (web_client.rules)
2022484 - ET CURRENT_EVENTS RIG encrypted payload M1 Feb 02 2016 (current_events.rules)
2806798 - ETPRO POLICY securityxploded malware retrieval UA (policy.rules)
2806799 - ETPRO POLICY securityxploded malware retrieval URI (policy.rules)
2814466 - ETPRO TROJAN ZxShell FileMG Command (trojan.rules)
2820876 - ETPRO TROJAN W32/FusionCoreDownldr.A2 Checkin (trojan.rules)
2821893 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.dj Checkin (mobile_malware.rules)
2821894 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.dj Checkin 2 (mobile_malware.rules)

Date: Wednesday, August 2, 2017 - 00:00