Daily Ruleset Update Summary 2017/09/06

[***]            Summary:            [***]

5 new Open, 17 new Pro (5 + 12). Apache Struts 2 REST Plugin XStream RCE, KONNI, Various Mobile.

Thanks: Nathan Fowler, @MalwrHunterTeam

[+++]          Added rules:          [+++]

Open:

2024663 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE (ProcessBuilder) (exploit.rules)
2024664 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE (Runtime.Exec) (exploit.rules)
2024665 - ET POLICY DNS Query to .onion proxy Domain (onion.top) (policy.rules)
2024666 - ET TROJAN ApolloLocker Ransomware CnC Checkin (trojan.rules)
2024667 - ET TROJAN ApolloLocker Ransomware CnC Checkin 2 (trojan.rules)
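The two ET EXPLOIT rules above (2024663 and 2024664) cover the Apache Struts 2 REST plugin XStream deserialization RCE (S2-052, CVE-2017-9805; fixed in Struts 2.5.13 / 2.3.34). The REST plugin feeds XML request bodies to XStream, and a payload that reaches process execution has to name java.lang.ProcessBuilder or java.lang.Runtime with exec somewhere in that XML, which is what the two rule titles distinguish. The following Python is an added illustration of that detection logic, not the ET rule bodies and not code from this page: the content-type gate and the class-name markers are assumptions about what the signatures key on, and the sample requests are constructed here rather than captured; they are not working gadget chains.

```python
"""Approximation of the two 'Apache Struts 2 REST Plugin XStream RCE'
signatures (SIDs 2024663 and 2024664) applied to raw HTTP requests.

Added example: it does not reproduce the ET rule bodies, and the sample
requests below are constructed, not real captures or working payloads.
"""
import html
import re

# The REST plugin only hands the body to XStream for XML content types, so
# the markers are only meaningful behind that gate (assumed rule logic).
XML_CONTENT_TYPES = ("application/xml", "text/xml")

# Class and method names the rule titles call out.
PROCESS_BUILDER = re.compile(r"java\.lang\.ProcessBuilder")
RUNTIME = re.compile(r"java\.lang\.Runtime\b")
EXEC_METHOD = re.compile(r"\bexec\b")


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end-of-headers marker")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("latin-1", errors="replace")


def match_xstream_rce(raw: bytes) -> list:
    """Return the SIDs (as strings) whose approximated logic fires on `raw`."""
    _method, _target, headers, body = parse_request(raw)
    content_type = headers.get("content-type", "").lower()
    if not any(ct in content_type for ct in XML_CONTENT_TYPES):
        return []
    # The server-side XML parser resolves numeric character references
    # (&#80;rocessBuilder), so fold them before matching literal names.
    text = html.unescape(body)
    hits = []
    if PROCESS_BUILDER.search(text):
        hits.append("2024663")
    if RUNTIME.search(text) and EXEC_METHOD.search(text):
        hits.append("2024664")
    return hits


def _request(content_type: str, body: bytes) -> bytes:
    """Build a constructed POST to a REST plugin endpoint (sample input)."""
    return (b"POST /struts2-rest-showcase/orders/3 HTTP/1.1\r\n"
            b"Host: struts.example.test\r\n"
            b"Content-Type: " + content_type.encode() + b"\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed sample traffic: not captures, not functioning gadget chains.
SAMPLES = {
    "benign_xml": _request("application/xml",
        b"<order><clientName>Bob</clientName><amount>3</amount></order>"),
    "processbuilder": _request("application/xml",
        b"<map><entry><string>x</string>"
        b"<java.lang.ProcessBuilder><command><string>id</string></command>"
        b"</java.lang.ProcessBuilder></entry></map>"),
    "runtime_exec_encoded": _request("application/xml; charset=UTF-8",
        b"<map><entry><string>x</string><method>"
        b"<class>java.lang.&#82;untime</class><name>exec</name>"
        b"</method></entry></map>"),
    "same_marker_json_type": _request("application/json",
        b"<java.lang.ProcessBuilder/>"),
}


def scan_samples() -> dict:
    """Run every sample through the matcher; keyed by sample name."""
    return {name: match_xstream_rce(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:24s} -> {hits or 'no alert'}")
```

Two caveats for anyone reading the rule names as coverage: a literal class-name match catches the public PoC style, not every XStream chain, and the entity-folding step here exists because the sensor sees the raw body while the server sees the parsed one. Treat an alert as a reason to confirm the Struts version on the target; only 2.5.13 / 2.3.34 or later closes the bug.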

Pro:

2827803 - ETPRO TROJAN KONNI-related FTP Variant CnC Beacon (trojan.rules)
2827804 - ETPRO TROJAN MSIL/G3 Stealer CnC Activity (trojan.rules)
2827805 - ETPRO MALWARE MSIL/Adware.Dotdo PUA CnC Checkin 2 (malware.rules)
2827806 - ETPRO TROJAN Observed Inbound Pye2Exe/LaZange Executable (trojan.rules)
2827807 - ETPRO TROJAN Backdoor Unknown Checkin (trojan.rules)
2827808 - ETPRO TROJAN Backdoor Unknown Checkin (trojan.rules)
2827809 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IT CnC Beacon (mobile_malware.rules)
2827810 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IA SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827811 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 20 (mobile_malware.rules)
2827812 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.fh SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827813 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Ultimo Ransomware) (trojan.rules)
2827814 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (policy.rules)
2020126 - ET POLICY DNS Query to .onion proxy Domain (tor4pay.com) (policy.rules)
2020133 - ET POLICY DNS Query to .onion proxy Domain (torminater.com) (policy.rules)
2020430 - ET POLICY DNS Query to .onion proxy Domain (onion.city) (policy.rules)
2022332 - ET POLICY DNS Query to .onion proxy Domain (onion.link) (policy.rules)
2022644 - ET POLICY DNS Query to .onion proxy Domain (torgate.es) (policy.rules)
2827109 - ETPRO TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1 (trojan.rules)
2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)
2827414 - ETPRO MALWARE MSIL/AdWare.Dotdo PUA CnC Checkin 1 (malware.rules)
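The .onion proxy rules touched in this update (2024665 added for onion.top, 2020116 and the other five above modified) share one trap: onion.to is a substring of onion.top, and Tor2web-style gateways are reached as a subdomain of the proxy (x.onion.to, x.onion.top), so a DNS rule has to match on label boundaries rather than on a substring. The Python below is an added example, not ET rule content: it decodes the question name from a DNS query and matches it against the SID-to-domain list from the rule titles, alongside the naive substring check, to show where the two disagree. The query packets are built in the block itself, not captured.

```python
"""Label-aligned matching of DNS query names against the '.onion proxy
Domain' policy rules listed on this page.

Added example, not ET rule content. Queries are constructed, not captured.
"""
import struct

# SID -> proxy domain, taken from the rule titles on this page.
ONION_PROXIES = {
    "2020116": "onion.to",
    "2020126": "tor4pay.com",
    "2020133": "torminater.com",
    "2020430": "onion.city",
    "2022332": "onion.link",
    "2022644": "torgate.es",
    "2024665": "onion.top",
}


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a minimal DNS A/IN query for `name` (sample input only)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def decode_qname(packet: bytes, offset: int = 12) -> str:
    """Decode the length-prefixed QNAME that follows the 12-byte DNS header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            break
        if length & 0xC0:
            # Pointers are legal in answers, not in a query's question name.
            raise ValueError("compression pointer in question section")
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower()


def classify_query(packet: bytes) -> list:
    """SIDs whose proxy domain is the query name or one of its parent domains."""
    qname = decode_qname(packet)
    return [sid for sid, domain in ONION_PROXIES.items()
            if qname == domain or qname.endswith("." + domain)]


def naive_hits(packet: bytes) -> list:
    """Plain substring matching, kept only to expose the onion.to/onion.top
    collision and the false positive on names that merely end in 'onion.top'."""
    qname = decode_qname(packet)
    return [sid for sid, domain in ONION_PROXIES.items() if domain in qname]


if __name__ == "__main__":
    for name in ("abcdefghijklmnop.onion.to", "abcdefghijklmnop.onion.top",
                 "myonion.top", "www.example.com"):
        pkt = build_query(name)
        print(f"{name:28s} aligned={classify_query(pkt)} naive={naive_hits(pkt)}")
```

The label-aligned version is what a DNS content match with the proxy domain anchored at a label boundary achieves; the naive version fires 2020116 on every onion.top query and on unrelated names such as myonion.top, which is exactly the kind of overlap that forces the older rule to be modified when a new proxy domain is added.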

[---]         Disabled rules:        [---]

2801487 - ETPRO NETBIOS Microsoft Windows Backup Manager fveapi.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801488 - ETPRO NETBIOS Microsoft Windows Backup Manager fveapi.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801489 - ETPRO NETBIOS Microsoft Windows Backup Manager fveapi.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801490 - ETPRO WEB_CLIENT Microsoft Windows Backup Manager fveapi.dll Insecure Library Loading fveapi.dll (web_client.rules)
2801492 - ETPRO NETBIOS Microsoft Internet Connection Signup Wizard smmscrpt.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801493 - ETPRO NETBIOS Microsoft Internet Connection Signup Wizard smmscrpt.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801494 - ETPRO NETBIOS Microsoft Internet Connection Signup Wizard smmscrpt.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801495 - ETPRO NETBIOS Microsoft Internet Connection Signup Wizard smmscrpt.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801496 - ETPRO WEB_CLIENT Microsoft Internet Connection Signup Wizard smmscrpt.dll Insecure Library Loading (web_client.rules)
2801498 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801499 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801500 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801501 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801502 - ETPRO WEB_CLIENT Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading (web_client.rules)
2801504 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB-DS ASCII (netbios.rules)
2801505 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB-DS Unicode (netbios.rules)
2801506 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB ASCII (netbios.rules)
2801507 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB Unicode (netbios.rules)
2801508 - ETPRO WEB_CLIENT Multiple Load Library Vulns wintab32.dll Insecure Library Loading (web_client.rules)
2801510 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS ASCII (netbios.rules)
2801511 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS Unicode (netbios.rules)
2801512 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB ASCII (netbios.rules)
2801513 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB Unicode (netbios.rules)
2801514 - ETPRO WEB_CLIENT Multiple Load Library Vulns dwmapi.dll Insecure Library Loading (web_client.rules)
2801516 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB-DS Unicode (netbios.rules)
2801517 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB-DS ASCII (netbios.rules)
2801518 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB Unicode (netbios.rules)
2801519 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB ASCII (netbios.rules)
2801520 - ETPRO WEB_CLIENT Adobe Illustrator aires.dll Insecure Library Loading (web_client.rules)
2801522 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801523 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801524 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801525 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801526 - ETPRO WEB_CLIENT Microsoft Powerpoint pp7x32.dll Insecure Library Loading (web_client.rules)
2801528 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801529 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801530 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801531 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801532 - ETPRO WEB_CLIENT Microsoft Powerpoint pp4x322.dll Insecure Library Loading (web_client.rules)
2801534 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801535 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801536 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801537 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801538 - ETPRO WEB_CLIENT Microsoft Powerpoint msapsspc.dll Insecure Library Loading (web_client.rules)
2801540 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801541 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801542 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801543 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801544 - ETPRO WEB_CLIENT Microsoft Powerpoint schannel.dll Insecure Library Loading (web_client.rules)
2801546 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801547 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801548 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801549 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801550 - ETPRO WEB_CLIENT Microsoft Powerpoint digest.dll Insecure Library Loading (web_client.rules)
2801552 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB-DS Unicode (netbios.rules)
2801553 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB-DS ASCII (netbios.rules)
2801554 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB Unicode (netbios.rules)
2801555 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB ASCII (netbios.rules)
2801556 - ETPRO WEB_CLIENT Microsoft Powerpoint msnsspc.dll Insecure Library (web_client.rules)
2801564 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801565 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801566 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801567 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801568 - ETPRO WEB_CLIENT Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading (web_client.rules)
2801570 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801571 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801572 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801573 - ETPRO NETBIOS IBM Lotus Notes nnoteswc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801574 - ETPRO WEB_CLIENT IBM Lotus Notes nnoteswc.dll Insecure Library Loading (web_client.rules)
2801576 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801577 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801578 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801579 - ETPRO NETBIOS IBM Lotus Notes nlsxbe.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801580 - ETPRO WEB_CLIENT IBM Lotus Notes nlsxbe.dll Insecure Library Loading (web_client.rules)
2801582 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB-DS ASCII (netbios.rules)
2801583 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB-DS Unicode (netbios.rules)
2801584 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB ASCII (netbios.rules)
2801585 - ETPRO NETBIOS Multiple Load Library Vulns ibfs32.dll - SMB Unicode (netbios.rules)
2801586 - ETPRO WEB_CLIENT Multiple Load Library Vulns ibfs32.dll (web_client.rules)
2801588 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801589 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801590 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801591 - ETPRO NETBIOS Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801592 - ETPRO WEB_CLIENT Apple QuickTime PictureViewer CoreGraphics.dll Insecure Library Loading (web_client.rules)
2801600 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801601 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801602 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801603 - ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801604 - ETPRO WEB_CLIENT Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading (web_client.rules)

Date: Wednesday, September 6, 2017 - 00:00