Daily Ruleset Update Summary 2018/01/04

[***]            Summary:            [***]

5 new Open, 15 new Pro (5 + 10). Spectre Kernel Memory Leakage JavaScript, Oilrig DNS, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025182 - ET TROJAN Oilrig Stealer CnC Checkin (trojan.rules)
2025183 - ET TROJAN Python Monero Miner CnC DNS Query (trojan.rules)
2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
2025186 - ET CURRENT_EVENTS CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit (current_events.rules)

Pro:

2829167 - ETPRO POLICY TDS SQL Batch Outbound (policy.rules)
2829168 - ETPRO TROJAN Oilrig DNS Tunneling Domain (trojan.rules)
2829169 - ETPRO POLICY Windows Executable Inbound via TDS (policy.rules)
2829170 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-04 (current_events.rules)
2829171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 1) (trojan.rules)
2829172 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 3) (trojan.rules)
2829173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 4) (trojan.rules)
2829174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 5) (trojan.rules)
2829175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 6) (trojan.rules)
2829176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-04 7) (trojan.rules)

[///]     Modified active rules:     [///]

2816393 - ETPRO CURRENT_EVENTS Possible Phishing Landing Obfuscation 2016-02-26 (current_events.rules)
2828463 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 27 2017 (current_events.rules)

Date: Thursday, January 4, 2018 - 00:00