Daily Ruleset Update Summary 2017/08/16

[***]            Summary:            [***]

2 new Open, 16 new Pro (2 + 14). CLDAP DDoS, CVE-2017-0037, Disdain EK, Various Phishing, Various Mobile.

Thanks: MS-ISAC (@CISecurity)

[+++]          Added rules:          [+++]

Open:

2024584 - ET DOS CLDAP Amplification Reflection (PoC based) (dos.rules)
2024585 - ET DOS Potential CLDAP Amplification Reflection (dos.rules)

Pro:

2827550 - ETPRO WEB_CLIENT MSIE/Edge Browser Type Confusion Vuln (CVE-2017-0037) (web_client.rules)
2827551 - ETPRO CURRENT_EVENTS Disdain EK Landing 2017-08-15 (current_events.rules)
2827552 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 11 (mobile_malware.rules)
2827553 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 12 (mobile_malware.rules)
2827554 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2827556 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu Reporting Infection via SMTP (mobile_malware.rules)
2827557 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827558 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 16 2017 (current_events.rules)
2827559 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 16 2017 (current_events.rules)
2827560 - ETPRO TROJAN Cobalt Strike Malleable C2 Custom Profile (trojan.rules)
2827561 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827562 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827563 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2022925 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jun 29 2016 (current_events.rules)
2024547 - ET CURRENT_EVENTS Successful Square Phish Nov 16 2015 (current_events.rules)
2816347 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M1 2016 (current_events.rules)
2820684 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 15 2016 (current_events.rules)
2821938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules)
2822710 - ETPRO CURRENT_EVENTS Successful BancoPosta Click Phish Oct 18 2016 (current_events.rules)
2822945 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 26 2016 (current_events.rules)
2823438 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Nov 22 2016 (current_events.rules)
2823641 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Dec 05 2016 (current_events.rules)
2823692 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Dec 08 2016 (current_events.rules)
2824235 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jan 05 2017 (current_events.rules)
2824404 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 12 2017 (current_events.rules)
2824468 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Jan 17 2017 (current_events.rules)
2825132 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
2827010 - ETPRO TROJAN Win32/Vortex Ransomware Domain in SNI (trojan.rules)
2827442 - ETPRO EXPLOIT Microsoft JET Database Engine RCE Inbound (CVE-2017-0250) (exploit.rules)
2827511 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Version Check (trojan.rules)
2827519 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 1) (trojan.rules)
2827520 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 2) (trojan.rules)
2827521 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 3) (trojan.rules)
2827545 - ETPRO TROJAN W32.Defray Ransomware Checkin (trojan.rules)
2024554 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024555 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024556 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024557 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules)
2024558 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules)
2024559 - ET CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016 (current_events.rules)
2024560 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules)
2024561 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules)
2024562 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules)
2024563 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)
2024564 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)
2024565 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules)
2024566 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules)
2024567 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules)
2024568 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules)
2024569 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (current_events.rules)
2024570 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
2024571 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
2024572 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017 (current_events.rules)
2024573 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (current_events.rules)
2024574 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2024575 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2024576 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017 (current_events.rules)
2024577 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017 (current_events.rules)
2024578 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017 (current_events.rules)
2024579 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017 (current_events.rules)
2024580 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
2024581 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017 (current_events.rules)
2024582 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017 (current_events.rules)
2024583 - ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phish - Landing Page - Title over non SSL (current_events.rules)

[---]  Disabled and modified rules:  [---]

2821917 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 30 2016 (current_events.rules)
2821918 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 30 2016 (current_events.rules)
2822807 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 21 2016 (current_events.rules)
2822939 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Oct 27 2016 (current_events.rules)
2824793 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017 (current_events.rules)

[---]         Removed rules:         [---]

2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2816419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2820535 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules)
2821142 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules)
2821704 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016 (current_events.rules)
2821765 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules)
2821985 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules)
2822659 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules)
2822908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)
2822915 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)
2823263 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules)
2823300 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules)
2823419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules)
2823697 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules)
2823823 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (current_events.rules)
2823974 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
2824125 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
2824174 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017 (current_events.rules)
2824398 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (current_events.rules)
2824444 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2824445 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2826503 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017 (current_events.rules)
2826525 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017 (current_events.rules)
2826565 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017 (current_events.rules)
2826663 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017 (current_events.rules)
2827034 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
2827069 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017 (current_events.rules)
2827082 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017 (current_events.rules)

Date: Wednesday, August 16, 2017 - 00:00