Daily Ruleset Update Summary 2017/08/08

[***] Summary: [***]

13 new Open signatures, 33 new Pro (13 + 20).  CryptON/Nemesis/X3M, Upatre, VARIOUS PHISHING.

Here is our SID to CVE map for MS Tuesday (MAPP) rules:

2827442 -> CVE-2017-2050
2827443 -> CVE-2017-3106
2827444 -> CVE-2017-3113
2827445 -> CVE-2017-3115
2827446 -> CVE-2017-3118
2827447 -> CVE-2017-3121
2827448 -> CVE-2017-3122
2827449 -> CVE-2017-3123
2827450 -> CVE-2017-11241
2827451 -> CVE-2017-11259

[+++]          Added rules:          [+++]

Open:

2024516 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024517 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024518 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024519 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024520 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024521 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024522 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024523 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024524 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024525 - ET TROJAN CryptON/Nemesis/X3M Ransomware Onion Domain (trojan.rules)
2024526 - ET POLICY Internal Host Retrieving External IP Address (monip.outils-rezo. info) (policy.rules)
2024527 - ET POLICY Observed DNS Query to IP Lookup Domain (ipapi .co) (policy.rules)
2024528 - ET TROJAN MSIL/Agent.ATS CnC Activity (trojan.rules)

Pro:

2827442 - ETPRO EXPLOIT Microsoft JET Database Engine RCE Inbound (CVE-2017-2050) (exploit.rules)
2827443 - ETPRO EXPLOIT Adobe Flash Type Confusion (CVE-2017-3106) (exploit.rules)
2827444 - ETPRO WEB_CLIENT Adobe Reader Use After Free (CVE-2017-3113) (web_client.rules)
2827445 - ETPRO WEB_CLIENT Adobe Reader Information Disclosure (CVE-2017-3115) (web_client.rules)
2827446 - ETPRO WEB_CLIENT Adobe Reader Security Bypass (CVE-2017-3118) (web_client.rules)
2827447 - ETPRO EXPLOIT Adobe EMF File Heap Overflow Vulnerability Inbound (CVE-2017-3121) (exploit.rules)
2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122) (web_client.rules)
2827449 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability Inbound (CVE-2017-3123) (exploit.rules)
2827450 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability Inbound (CVE-2017-11241) (exploit.rules)
2827451 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability Inbound (CVE-2017-11259) (exploit.rules)
2827452 - ETPRO CURRENT_EVENTS Successful UBS Phish Aug 08 2017 (current_events.rules)
2827453 - ETPRO MALWARE PUP/PUA WeatherBuddy Install Checkin (malware.rules)
2827454 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain (maitikio . com) (trojan.rules)
2827455 - ETPRO TROJAN DNS Query For Known Upatre Downloader Domain (cry-havok . org) (trojan.rules)
2827456 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.E Checkin (mobile_malware.rules)
2827457 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M1 Aug 08 2017 (current_events.rules)
2827458 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M2 Aug 08 2017 (current_events.rules)
2827459 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin (DE) Phish Aug 08 2017 (current_events.rules)
2827460 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin Attempt (trojan.rules)
2827461 - ETPRO MALWARE Win32/Funshion Adware Install Checkin (malware.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)

Date: Tuesday, August 8, 2017 - 00:00