Daily Ruleset Update Summary 2017/10/05

[***]            Summary:            [***]

11 new Open, 29 new Pro (11 + 18). Lazarus Decafett, CVE-2017-12617 JSP Upload Bypass Attempt, Various Phishing, Mobile.

Thanks: @ryancmoon

[+++]          Added rules:          [+++]

Open:

2024803 - ET TROJAN Lazarus Decafett DNS Lookup 1 (trojan.rules)
2024804 - ET TROJAN Lazarus Decafett DNS Lookup 2 (trojan.rules)
2024805 - ET TROJAN Lazarus Decafett DNS Lookup 3 (trojan.rules)
2024806 - ET TROJAN Lazarus Decafett DNS Lookup 4 (trojan.rules)
2024807 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (current_events.rules)
2024808 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024809 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024810 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024811 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024812 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)
2024813 - ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt (web_specific_apps.rules)

Pro:

2828153 - ETPRO TROJAN StrongPity Download SSL Cert (trojan.rules)
2828154 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.KG DNS Lookup (mobile_malware.rules)
2828155 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup (mobile_malware.rules)
2828156 - ETPRO MOBILE_MALWARE Android/FakeApp.DR DNS Lookup 2 (mobile_malware.rules)
2828157 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am Checkin (mobile_malware.rules)
2828158 - ETPRO TROJAN JS Cryxos Downloader M2 Oct 05 2017 (trojan.rules)
2828159 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2828160 - ETPRO TROJAN MSIL/Spy.Agent.UM CnC Checkin (trojan.rules)
2828161 - ETPRO TROJAN APT28 XAgent DNS Lookup (trojan.rules)
2828162 - ETPRO MOBILE_MALWARE Android/HiddenApp.CE Checkin (mobile_malware.rules)
2828163 - ETPRO TROJAN APT28 Uploader DNS Lookup (trojan.rules)
2828164 - ETPRO MOBILE_MALWARE ANDROIDOS_HIDDENAPP.HRXZ Checkin (mobile_malware.rules)
2828165 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 1 (trojan.rules)
2828166 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 2 (trojan.rules)
2828167 - ETPRO TROJAN Evil TeamViewer Controller CnC Checkin (trojan.rules)
2828168 - ETPRO TROJAN APT.Cmstar Requesting Payload M2 (trojan.rules)
2828169 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 05 2017 (current_events.rules)
2828170 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 05 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2013739 - ET TROJAN Zeus P2P CnC (trojan.rules)
2024767 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 (current_events.rules)
2024768 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M2 (current_events.rules)
2814773 - ETPRO CURRENT_EVENTS Google Drive Phishing Landing Nov 5 2015 (current_events.rules)
2826551 - ETPRO CURRENT_EVENTS Successful Banking Phish M1 May 31 2017 (current_events.rules)
2826593 - ETPRO TROJAN TCP DNS Query Domain .bit (trojan.rules)
2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)

Date: Thursday, October 5, 2017 - 00:00