Daily Ruleset Update Summary 2017/12/15

[***]            Summary:            [***]

3 new Open, 18 new Pro (3 + 15). Win32/Downloader.op17, Evil TeamViewer, PAN Firewall CVE-2017-15944, Various Mobile.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025151 - ET CURRENT_EVENTS Malicious Fake JS Lib Inject (current_events.rules)
2025152 - ET TROJAN [PTsecurity] Win32/Downloader.op17 CnC Response (trojan.rules)
2025153 - ET TROJAN [PTsecurity] Win32/Downloader.op17 CnC Beacon (trojan.rules)

Pro:

2828907 - ETPRO TROJAN Evil TeamViewer CnC Checkin 3 (trojan.rules)
2828908 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 1) (trojan.rules)
2828909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 2) (trojan.rules)
2828910 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 3) (trojan.rules)
2828911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 4) (trojan.rules)
2828912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-15 5) (trojan.rules)
2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)
2828914 - ETPRO TROJAN MSIL/Hon.DoS.Tool CnC Checkin (trojan.rules)
2828915 - ETPRO MALWARE Win32/Hao123.K Checkin 3 (malware.rules)
2828916 - ETPRO TROJAN MSIL/TrojanClicker.Agent.NSJ Activity (trojan.rules)
2828917 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.at Contact Exfil via SMTP (mobile_malware.rules)
2828918 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.at Reporting Infection via SMTP (mobile_malware.rules)
2828919 - ETPRO WEB_SERVER PAN Firewall CVE-2017-15944 Authentication Bypass Attempt (web_server.rules)
2828920 - ETPRO WEB_SERVER PAN Firewall CVE-2017-15944 XML Injection Attempt (web_server.rules)
2828954 - ETPRO WEB_SPECIFIC_APPS Apache Tomcat CVE-2016-6816 Security Bypass Attempt (web_specific_apps.rules)

[///]     Modified active rules:     [///]

2025119 - ET TROJAN Sharik/Smoke CnC Beacon 7 (trojan.rules)
2025149 - ET POLICY IP Check (rl. ammyy. com) (policy.rules)
2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header Struct) (trojan.rules)

Date: Friday, December 15, 2017 - 00:00