Daily Ruleset Update Summary 2017/12/18

[***]            Summary:            [***]

1 new Open, 17 new Pro (1 + 16). M2Soft ActiveX Vulnerability, Win32/Satan Cryptor 2.0 Ransomware, MSIL/ISU System CnC, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025154 - ET POLICY External IP Lookup Domain (curlmyip .net in DNS lookup) (policy.rules)

Pro:

2828955 - ETPRO TROJAN W32/Nymaim Checkin 8 (trojan.rules)
2828956 - ETPRO WEB_CLIENT M2Soft ActiveX Vulnerability M1 (web_client.rules)
2828957 - ETPRO WEB_CLIENT M2Soft ActiveX Vulnerability M1 (web_client.rules)
2828958 - ETPRO TROJAN Win32/Satan Cryptor 2.0 Ransomware CnC Activity (trojan.rules)
2828959 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 256 (mobile_malware.rules)
2828960 - ETPRO TROJAN Ursnif v3 SSL Certificate Observed (trojan.rules)
2828961 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2828962 - ETPRO CURRENT_EVENTS Successful Deutschlandcard Phish 2017-12-18 (current_events.rules)
2828963 - ETPRO CURRENT_EVENTS Successful Impots.Gouv.fr Phish 2017-12-18 (current_events.rules)
2828964 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2828965 - ETPRO WEB_CLIENT MS Edge Memory Corruption Vulnerability (CVE-2017-11845) (web_client.rules)
2828966 - ETPRO CURRENT_EVENTS Successful Generic Phish - HTTP POST to HTML Decimal Obfuscated Title 2017-12-18 (current_events.rules)
2828967 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 257 (mobile_malware.rules)
2828968 - ETPRO CURRENT_EVENTS Successful Generic Financial Phish - 2017-12-18 (current_events.rules)
2828969 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2017-12-18 (current_events.rules)
2828970 - ETPRO TROJAN MSIL/ISU System CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2024908 - ET CURRENT_EVENTS Qtloader encrypted check-in Oct 19 M1 (current_events.rules)
2025137 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (current_events.rules)
2025146 - ET DNS Query for Suspicious .gr.com Domain (gr .com in DNS Lookup) (dns.rules)
2827384 - ETPRO CURRENT_EVENTS Possible Successful Generic Multi Step Phish Aug 03 2017 (current_events.rules)
2828444 - ETPRO TROJAN Observed Malicious SSL Cert (W32.MDFSMiner Downloader) (trojan.rules)

Date: Monday, December 18, 2017 - 00:00