Daily Ruleset Update Summary 2017/11/21

[***] Summary: [***]

25 new Pro signatures.  Lazarus, Various MalDocs.

[+++]          Added rules:          [+++]

2828652 - ETPRO POLICY LabTechAgent PUA CnC Checkin (policy.rules)
2828665 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc HTA Download) (trojan.rules)
2828666 - ETPRO TROJAN Observed Malicious MalDoc HTA DL Domain In SNI (fbcom .review) (trojan.rules)
2828667 - ETPRO TROJAN MSIL/Agent.ATK POST to CnC (trojan.rules)
2828668 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2828669 - ETPRO TROJAN Observed Malicious MalDoc DL Domain In SNI (temizlikhizmetleri .net) (trojan.rules)
2828670 - ETPRO INFO Dynamic DNS Domain (*.punkdns .top in DNS Lookup) (info.rules)
2828671 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 1 (mobile_malware.rules)
2828672 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 2 (mobile_malware.rules)
2828673 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 3 (mobile_malware.rules)
2828674 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 4 (mobile_malware.rules)
2828675 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 5 (mobile_malware.rules)
2828676 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 6 (mobile_malware.rules)
2828677 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 7 (mobile_malware.rules)
2828678 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 8 (mobile_malware.rules)
2828679 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 9 (mobile_malware.rules)
2828680 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 10 (mobile_malware.rules)
2828681 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 11 (mobile_malware.rules)
2828682 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 12 (mobile_malware.rules)
2828683 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 13 (mobile_malware.rules)
2828684 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 14 (mobile_malware.rules)
2828685 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 15 (mobile_malware.rules)
2828686 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus Domain Request in SNI SET 16 (mobile_malware.rules)
2828687 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus SSL CnC Cert (mobile_malware.rules)
2828688 - ETPRO USER_AGENTS IoT FamilyHub UA (Tizen) (user_agents.rules)

[///]     Modified active rules:     [///]

2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2826995 - ETPRO MALWARE PUA Win32/SlimCleaner Checkin (malware.rules)

Date: Tuesday, November 21, 2017 - 00:00