Daily Ruleset Update Summary 2017/09/22

[***] Summary: [***]

4 new Open signatures, 20 new Pro (4 + 16).  GrandSoft EK, CoinMiners, VARIOUS PHISHING.

Thanks:  @attackdetection

[+++]          Added rules:          [+++]

Open:

2024759 - ET WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
2024760 - ET WEB_SERVER OptionsBleed (CVE-2017-9798) (web_server.rules)
2024761 - ET MALWARE [PTsecurity] WebToolbar.Win32.Searchbar.k HTTP JSON Artifact (malware.rules)
2024762 - ET MALWARE [PTsecurity] Adware.SearchGo (start_page) (malware.rules)
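The two OptionsBleed signatures above (2024759, 2024760) cover CVE-2017-9798, an Apache httpd bug in which the Allow header of an OPTIONS response can carry leaked heap bytes when a .htaccess Limit directive names an invalid method. The following is an added example, written for this page and not the content of the ET rules or any Emerging Threats code, showing the kind of Allow header check a practitioner could run over captured OPTIONS responses to triage a "Possible OptionsBleed" alert. It assumes that a healthy Allow header holds only comma-separated RFC 7230 tokens, that the method list is a reasonable set of what Apache normally advertises, and that the two sample responses are constructed, not captured traffic.

```python
"""
Heuristic triage for OptionsBleed-style (CVE-2017-9798) leakage in the Allow
header of an HTTP OPTIONS response. Added example; this is not the ET/ETPRO
rule logic. Assumption: a healthy Allow header contains only comma-separated
HTTP method tokens (RFC 7230 "token" characters); anything else is treated as
suspect leaked memory.
"""
import re

# RFC 7230 tchar: ! # $ % & ' * + - . ^ _ ` | ~ plus DIGIT and ALPHA
_TOKEN_RE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Methods Apache httpd commonly advertises (assumed list). An unknown but
# syntactically valid token is "possible"; a non-token value is "likely".
_KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS",
                  b"TRACE", b"PATCH", b"CONNECT", b"PROPFIND", b"PROPPATCH",
                  b"MKCOL", b"COPY", b"MOVE", b"LOCK", b"UNLOCK"}


def allow_header_values(raw_response: bytes) -> list:
    """Return every Allow header value (raw bytes) from an HTTP response head."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:        # [1:] skips the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"allow":
            values.append(value.strip())
    return values


def classify_allow(value: bytes) -> str:
    """
    Classify one Allow header value:
      "clean"    - every token is a known method
      "possible" - all tokens are valid, but at least one is not a known method
      "likely"   - a token contains non-token bytes (control chars, spaces,
                   high bytes): the OptionsBleed leak signature
    Empty elements (e.g. a trailing comma) are ignored rather than flagged.
    """
    verdict = "clean"
    for tok in (t.strip(b" \t") for t in value.split(b",")):
        if not tok:
            continue
        if not _TOKEN_RE.match(tok):
            return "likely"
        if tok.upper() not in _KNOWN_METHODS:
            verdict = "possible"
    return verdict


def optionsbleed_verdict(raw_response: bytes) -> str:
    """Worst verdict across all Allow headers ("clean" if none is present)."""
    order = {"clean": 0, "possible": 1, "likely": 2}
    worst = "clean"
    for value in allow_header_values(raw_response):
        verdict = classify_allow(value)
        if order[verdict] > order[worst]:
            worst = verdict
    return worst


# Constructed sample responses (not captured traffic).
CLEAN_RESPONSE = (b"HTTP/1.1 200 OK\r\nDate: Fri, 22 Sep 2017 00:00:00 GMT\r\n"
                  b"Server: Apache\r\nAllow: GET,HEAD,POST,OPTIONS\r\n"
                  b"Content-Length: 0\r\n\r\n")

# Leaked bytes in Allow: control/NUL bytes and a stray header fragment.
LEAKY_RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                  b"Allow: GET,HEAD,POST,OPTIONS,\x08\x00\x7fGET,x-frame-options: DENY\r\n"
                  b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("clean", CLEAN_RESPONSE), ("leaky", LEAKY_RESPONSE)):
        print(label, optionsbleed_verdict(resp))
```

A "likely" verdict on a response from your own server is worth confirming by repeating the OPTIONS request several times: OptionsBleed leaks different heap contents on each response, so the junk in Allow changes from request to request, whereas a misconfigured but non-vulnerable server returns the same odd token every time.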

Pro:

2828025 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 220 (mobile_malware.rules)
2828026 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 221 (mobile_malware.rules)
2828027 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage Sep 22 2017 (current_events.rules)
2828028 - ETPRO CURRENT_EVENTS Grandsoft EK Exploit Request Sep 22 2017 (current_events.rules)
2828029 - ETPRO CURRENT_EVENTS GrandSoft EK Possible CVE-2016-0198 Exploit Usage Sep 22 2017 (current_events.rules)
2828030 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage M2 Sep 22 2017 (current_events.rules)
2828031 - ETPRO CURRENT_EVENTS Grandsoft EK Landing Plugin Detect Sept 22 2017 (current_events.rules)
2828032 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-22 1) (trojan.rules)
2828034 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-22 2) (trojan.rules)
2828035 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-22 3) (trojan.rules)
2828036 - ETPRO TROJAN Mangled PNG Header Inbound - Potential PNG Downloader (trojan.rules)
2828037 - ETPRO CURRENT_EVENTS Grandsoft EK Payload Request Sep 22 2017 (current_events.rules)
2828038 - ETPRO CURRENT_EVENTS Successful US Bank Phish Sep 22 2017 (current_events.rules)
2828039 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Sep 22 2017 (current_events.rules)
2828040 - ETPRO CURRENT_EVENTS Successful TD Bank Phish Sep 22 2017 (current_events.rules)
2828041 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish Sep 22 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2008752 - ET MALWARE AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (malware.rules)
2009526 - ET MALWARE Downloader Checkin - Downloads Rogue Adware (malware.rules)
2011492 - ET MALWARE Adware.Kraddare Checkin (malware.rules)
2013017 - ET MALWARE Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related (malware.rules)
2013556 - ET MALWARE UBar Trojan/Adware Checkin 1 (malware.rules)
2013557 - ET MALWARE UBar Trojan/Adware Checkin 2 (malware.rules)
2013558 - ET MALWARE UBar Trojan/Adware Checkin 3 (malware.rules)
2013956 - ET MALWARE W32/SmartPops Adware Outbound Off-Port MSSQL Communication (malware.rules)
2014583 - ET MALWARE Adware/FakeAV.Kraddare Checkin UA (malware.rules)
2024722 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) (malware.rules)
2024723 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) (malware.rules)
2024724 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo) (malware.rules)
2024725 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (opurie) (malware.rules)
2024726 - ET MALWARE Malicious Adware Chrome Extension Detected (1) (malware.rules)
2024727 - ET MALWARE Malicious Adware Chrome Extension Detected (2) (malware.rules)
2024758 - ET TROJAN Win32/Trojan.Inject.BDM Communicating with CnC (trojan.rules)
2803731 - ETPRO USER_AGENTS Win32/Obfuscator.XZ User-Agent (myInternet) (user_agents.rules)
2804467 - ETPRO MALWARE Win-Adware/KorAdware.389120 Checkin (malware.rules)
2804606 - ETPRO MALWARE Win32/Adware.Kraddare.AI Checkin (malware.rules)
2805644 - ETPRO MALWARE Variant.Adware.SMSHoax.72 Checkin (malware.rules)
2807394 - ETPRO MALWARE Adware-NS.dldr Checkin (malware.rules)
2809804 - ETPRO MALWARE FakeAdwareCleaner.A Checkin (malware.rules)
2811015 - ETPRO MALWARE Adware.SMSHoax Install (malware.rules)
2813045 - ETPRO MALWARE Adware.Ymeta CnC Checkin (malware.rules)
2814203 - ETPRO MALWARE Adware.Win32/Bayads Activity (malware.rules)
2819949 - ETPRO MALWARE Win32/Adware.Offtoup.A Checkin (malware.rules)
2821750 - ETPRO MALWARE Win32/Adware.FileTour.BPL Checkin (malware.rules)
2822035 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2823673 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2823952 - ETPRO MALWARE MSIL/PUP.Linkury Toolbar Adware (malware.rules)
2825000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827395 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827757 - ETPRO TROJAN Win32.Denes CnC Beacon (trojan.rules)
2827807 - ETPRO TROJAN W32/DOTHETUK CNC Checkin (trojan.rules)
2827814 - ETPRO TROJAN Win32/Banload variant CnC (trojan.rules)
2827858 - ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer . com) (trojan.rules)
2828001 - ETPRO WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
2828023 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 219 (mobile_malware.rules)

[---]         Removed rules:         [---]

2828001 - ETPRO WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
2828003 - ETPRO WEB_SERVER OptionsBleed (CVE-2017-9798) (web_server.rules)

Date: Friday, September 22, 2017 - 00:00