[***]            Summary:            [***]

9 new Open, 28 new Pro (9 + 19). Evrial Stealer, MAPP, Win32/CoinBit Stealer, Various Phishing.

February MAPP coverage:
2829653 => CVE-2018-4903
2829654 => CVE-2018-4906
2829655 => CVE-2018-4906
2829656 => CVE-2018-4912

[+++]          Added rules:          [+++]

Open:

2025346 - ET TROJAN Evrial Stealer Retrieving CnC Information (trojan.rules)
2025347 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-13 M1 (current_events.rules)
2025348 - ET CURRENT_EVENTS Facebook Phishing Landing 2018-02-13 M2 (current_events.rules)
2025349 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-13 (current_events.rules)
2025350 - ET CURRENT_EVENTS Capital One Phishing Landing 2018-02-13 M1 (current_events.rules)
2025351 - ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-13 (current_events.rules)
2025352 - ET CURRENT_EVENTS Capital One Phishing Landing 2018-02-13 M2 (current_events.rules)
2025353 - ET CURRENT_EVENTS Generic Email Validation Phishing Landing 2018-02-13 (current_events.rules)
2025354 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-02-13 (current_events.rules)

Pro:

2829638 - ETPRO POLICY External IP Address Lookup via ident .me (policy.rules)
2829639 - ETPRO POLICY External IP Address Lookup via www. sensum .inf .br (policy.rules)
2829640 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-02-13 (current_events.rules)
2829641 - ETPRO TROJAN Gozi/Ursnif DNS Lookup (trojan.rules)
2829642 - ETPRO TROJAN Observed Gozi/Ursnif Domain in SNI (trojan.rules)
2829643 - ETPRO TROJAN Gozi/Ursnif Malicious SSL Certificate Detected (trojan.rules)
2829644 - ETPRO TROJAN MSIL/KyoznikMiner CnC Checkin M2 (trojan.rules)
2829645 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-02-13 (current_events.rules)
2829646 - ETPRO CURRENT_EVENTS Successful Microsoft Online Phish 2018-02-13 (current_events.rules)
2829647 - ETPRO CURRENT_EVENTS Successful Shared PDF Phish 2018-02-13 (current_events.rules)
2829648 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 1) (trojan.rules)
2829649 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 2) (trojan.rules)
2829650 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 3) (trojan.rules)
2829651 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-02-13 4) (trojan.rules)
2829652 - ETPRO TROJAN Win32/CoinBit Stealer CnC Checkin (trojan.rules)
2829653 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Memory Corruption (CVE-2018-4903) (web_client.rules)
2829654 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M1 (CVE-2018-4906) (web_client.rules)
2829655 - ETPRO WEB_CLIENT Possible Adobe Reader EMF Memory Corruption M2 (CVE-2018-4906) (web_client.rules)
2829656 - ETPRO EXPLOIT Adobe Acrobat JP2 OOB (CVE-2018-4912) (exploit.rules)

[///]     Modified active rules:     [///]

2025327 - ET CURRENT_EVENTS Dropbox/OneDrive Phishing Landing 2018-02-07 (current_events.rules)
2025331 - ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) (policy.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
2828467 - ETPRO TROJAN MSIL/MarioRAT Sending Screenshot to CnC (trojan.rules)
2828722 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin M2 (trojan.rules)
2829407 - ETPRO TROJAN Mirai Variant DNS Lookup M1 (trojan.rules)
2829408 - ETPRO TROJAN Mirai Variant DNS Lookup M2 (trojan.rules)
2829409 - ETPRO TROJAN Mirai Variant DNS Lookup M3 (trojan.rules)
2829410 - ETPRO TROJAN Mirai Variant DNS Lookup M4 (trojan.rules)
2829411 - ETPRO TROJAN Mirai Variant DNS Lookup M5 (trojan.rules)
2829412 - ETPRO TROJAN Mirai Variant DNS Lookup M6 (trojan.rules)
2829413 - ETPRO TROJAN Mirai Variant DNS Lookup M7 (trojan.rules)
2829414 - ETPRO TROJAN Mirai Variant DNS Lookup M8 (trojan.rules)
2829415 - ETPRO TROJAN Mirai Variant DNS Lookup M9 (trojan.rules)
2829416 - ETPRO TROJAN Mirai Variant DNS Lookup M10 (trojan.rules)
2829417 - ETPRO TROJAN Mirai Variant DNS Lookup M11 (trojan.rules)
2829418 - ETPRO TROJAN Mirai Variant DNS Lookup M12 (trojan.rules)
2829419 - ETPRO TROJAN Mirai Variant DNS Lookup M13 (trojan.rules)
2829420 - ETPRO TROJAN Mirai Variant DNS Lookup M14 (trojan.rules)
2829421 - ETPRO TROJAN Mirai Variant DNS Lookup M15 (trojan.rules)
2829422 - ETPRO TROJAN Mirai Variant DNS Lookup M16 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2828189 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M2 (trojan.rules)

Date: Tuesday, February 13, 2018 - 00:00