Daily Ruleset Update Summary 2018/02/06

[***]            Summary:            [***]

4 new Open, 22 new Pro (4 + 18). Andariel Rifdoor/RIFLE, up.pzchao, Abnormal x509v3 SubjectKeyIdentifier, Huawei RCE CVE-2017-17215, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025315 - ET POLICY Possible Windows Binary Observed in SSL/TLS Certificate (policy.rules)
2025316 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-02-06 (current_events.rules)
2025319 - ET POLICY [Fidelis] Abnormal x509v3 SubjectKeyIdentifier extension (policy.rules)
2025320 - ET POLICY [Fidelis] Abnormal Very Long x509v3 SubjectKeyIdentifier Extension (policy.rules)

Pro:

2829562 - ETPRO TROJAN Andariel Rifdoor/RIFLE CnC Beacon (trojan.rules)
2829563 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2018-02-06 (DE) (current_events.rules)
2829564 - ETPRO TROJAN up.pzchao Checkin via HTTP POST (trojan.rules)
2829565 - ETPRO TROJAN up.pzchao Checkin via HTTP POST M2 (trojan.rules)
2829566 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext .yourtrap .com in DNS Lookup) (trojan.rules)
2829567 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (fulltext .yourtrap .com in TLS SNI) (trojan.rules)
2829568 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (checktest .www1 .biz in DNS Lookup) (trojan.rules)
2829569 - ETPRO TROJAN DustySky Downeks/Quasar/other DNS Lookup (checktest .www1 .biz in TLS SNI) (trojan.rules)
2829570 - ETPRO TROJAN DDoS Win32.Macri Checkin (trojan.rules)
2829573 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M1 (trojan.rules)
2829574 - ETPRO TROJAN Win32/GandCrab Ransomware IP Address Check M2 (trojan.rules)
2829575 - ETPRO TROJAN Win32/Scote Checkin (trojan.rules)
2829576 - ETPRO TROJAN Win32/Scote Keepalive (trojan.rules)
2829577 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 277 (mobile_malware.rules)
2829578 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 278 (mobile_malware.rules)
2829579 - ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) (exploit.rules)
2829580 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 279 (mobile_malware.rules)
2829581 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 280 (mobile_malware.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024228 - ET INFO Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017 (info.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2024850 - ET CURRENT_EVENTS Successful HMRC Phish Oct 18 2017 (current_events.rules)
2025184 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (POC Based) (web_client.rules)
2025185 - ET WEB_CLIENT Spectre Kernel Memory Leakage JavaScript (web_client.rules)
2025188 - ET WEB_CLIENT Spectre Exploit Javascript (web_client.rules)
2025195 - ET EXPLOIT Possible MeltDown PoC Download In Progress (exploit.rules)
2824863 - ETPRO TROJAN Win32/Fadok.A Checkin (trojan.rules)

Date: Tuesday, February 6, 2018 - 00:00