Daily Ruleset Update Summary 2017/09/14

[***]            Summary:            [***]

3 new Open, 18 new Pro (3 + 15). APT.Cmstar, CVE-2017-8570 Unknown Payload SSL Cert, Various Phishing, Mobile.

I apologize for missing this in Tuesday's daily email. SID to CVE map for MS Tuesday (MAPP) rules:

2827896 -> CVE-2017-8759
2827897 -> CVE-2017-11281
2827898 -> CVE-2017-11281

[+++]          Added rules:          [+++]

Open:

2024703 - ET CURRENT_EVENTS Apple Phishing Landing M1 Sep 14 2017 (current_events.rules)
2024704 - ET CURRENT_EVENTS Apple Phishing Landing M2 Sep 14 2017 (current_events.rules)
2024705 - ET CURRENT_EVENTS Apple Phishing Landing M3 Sep 14 2017 (current_events.rules)

Pro:

2827944 - ETPRO TROJAN APT.Cmstar Requesting Payload (trojan.rules)
2827945 - ETPRO TROJAN APT.Cmstar Receiving Payload (trojan.rules)
2827946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 208 (mobile_malware.rules)
2827947 - ETPRO TROJAN Win32/Remcos RAT Checkin 6 (trojan.rules)
2827948 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sep 14 2017 (current_events.rules)
2827949 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 14 2017 (current_events.rules)
2827950 - ETPRO TROJAN CVE-2017-8570 Unknown Payload SSL Cert (trojan.rules)
2827951 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 14 2017 (current_events.rules)
2827952 - ETPRO CURRENT_EVENTS Successful CIBC Phish Sep 14 2017 (current_events.rules)
2827953 - ETPRO CURRENT_EVENTS Successful Chase Phish Sep 14 2017 (current_events.rules)
2827954 - ETPRO CURRENT_EVENTS Successful Square Phish Sep 14 2017 (current_events.rules)
2827955 - ETPRO TROJAN Malicious Domain in SNI (Meterpreter) (trojan.rules)
2827956 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 25 (mobile_malware.rules)
2827957 - ETPRO TROJAN Malicious Domain in SNI (Meterpreter) (trojan.rules)
2827958 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Sep 14 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2007991 - ET USER_AGENTS User-Agent (Unknown) (user_agents.rules)
2019158 - ET TROJAN Possible Malicious Invoice EXE (trojan.rules)
2022800 - ET TROJAN ABUSE.CH Cryptolocker Payment Page (de2nuvwegoo32oqv) (trojan.rules)
2821875 - ETPRO TROJAN Win32/Remcos RAT Checkin 1 (trojan.rules)
2825583 - ETPRO TROJAN Win32/Remcos RAT Checkin 2 (trojan.rules)
2825651 - ETPRO TROJAN Win32/Remcos RAT Checkin 3 (trojan.rules)
2825753 - ETPRO TROJAN Win32/Remcos RAT Checkin 5 (trojan.rules)
2825754 - ETPRO TROJAN Win32/Remcos RAT Checkin 4 (trojan.rules)
2826082 - ETPRO TROJAN Gh0st RAT Backdoor Checkin (trojan.rules)
2827753 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) Phish Aug 30 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2827631 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) M1 Phish Aug 23 2017 (current_events.rules)
2827632 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) M2 Phish Aug 23 2017 (current_events.rules)

Date: Thursday, September 14, 2017 - 00:00