Daily Ruleset Update Summary 2018/03/12

[***]            Summary:            [***]

13 new Open, 48 new Pro (13 + 35). MAPP, StrongPity APT, APT15, Various Phishing.

March MAPP Coverage:
2829969 => CVE-2017-4920
2829970 => CVE-2017-4919

Thanks: @AttackDetection, @rmkml, @illegalfawn

[+++]          Added rules:          [+++]

Open:

2025412 - ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Yahoo) (trojan.rules)
2025413 - ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Oracle America) (trojan.rules)
2025414 - ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Google) (trojan.rules)
2025415 - ET TROJAN [PTsecurity] Fake SSL Certificate Observed (Oracle canada) (trojan.rules)
2025416 - ET TROJAN StrongPity APT SSL Certificate Detected (trojan.rules)
2025417 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-03-12 (current_events.rules)
2025418 - ET CURRENT_EVENTS Chalbhai Phishing Landing 2018-03-12 (current_events.rules)
2025419 - ET CURRENT_EVENTS Successful O2 Phish 2018-03-12 (current_events.rules)
2025420 - ET CURRENT_EVENTS Successful Wells Fargo Phish 2018-03-12 (current_events.rules)
2025421 - ET CURRENT_EVENTS Upgrade Email Account Phishing Landing 2018-03-12 (current_events.rules)
2025422 - ET CURRENT_EVENTS Retrieve Pending Emails Phishing Landing 2018-03-12 (current_events.rules)
2025423 - ET CURRENT_EVENTS Ourtime Phishing Landing 2018-03-12 (current_events.rules)
2025424 - ET MALWARE Observed Malicious SSL Cert (OSX/Calender 2 Mining) (malware.rules)

Pro:

2829954 - ETPRO TROJAN Win32/Configer CnC Beacon (trojan.rules)
2829955 - ETPRO TROJAN qRAT DNS Lookup (trojan.rules)
2829956 - ETPRO TROJAN StrongPity APT DNS Lookup 1 (trojan.rules)
2829957 - ETPRO TROJAN StrongPity APT DNS Lookup 2 (trojan.rules)
2829958 - ETPRO TROJAN StrongPity APT DNS Lookup 3 (trojan.rules)
2829959 - ETPRO TROJAN StrongPity APT SSL Certificate Detected (trojan.rules)
2829960 - ETPRO TROJAN StrongPity APT DNS Lookup 4 (trojan.rules)
2829961 - ETPRO TROJAN RoyalAPT BS2005 CnC Checkin (trojan.rules)
2829962 - ETPRO TROJAN APT15 RoyalDNS DNS Lookup 1 (trojan.rules)
2829963 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 1 (trojan.rules)
2829964 - ETPRO TROJAN APT15 RoyalCLI DNS Lookup 2 (trojan.rules)
2829965 - ETPRO TROJAN APT15 BS2005 DNS Lookup 1 (trojan.rules)
2829966 - ETPRO TROJAN APT15 BS2005 DNS Lookup 2 (trojan.rules)
2829967 - ETPRO TROJAN APT15 BS2005 DNS Lookup 3 (trojan.rules)
2829968 - ETPRO CURRENT_EVENTS Suspicious infection.exe Download (current_events.rules)
2829969 - ETPRO EXPLOIT Adobe Flash Type Confusion (CVE-2017-4920) (exploit.rules)
2829970 - ETPRO EXPLOIT Adobe Flash Use After Free (CVE-2017-4919) (exploit.rules)
2829971 - ETPRO CURRENT_EVENTS Successful Google Docs Phish 2018-03-12 (current_events.rules)
2829972 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-03-12 M1 (current_events.rules)
2829973 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-03-12 M2 (current_events.rules)
2829974 - ETPRO CURRENT_EVENTS Successful Halkbank Phish 2018-03-12 (current_events.rules)
2829975 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2018-03-12 (current_events.rules)
2829976 - ETPRO CURRENT_EVENTS Successful Citibanamex BancaNet Phish 2018-03-12 (current_events.rules)
2829977 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2018-03-12 (current_events.rules)
2829978 - ETPRO CURRENT_EVENTS Successful Email Verification Phish 2018-03-12 (current_events.rules)
2829979 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-03-12 (current_events.rules)
2829980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 2) (trojan.rules)
2829981 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 3) (trojan.rules)
2829982 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 4) (trojan.rules)
2829983 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 5) (trojan.rules)
2829984 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 6) (trojan.rules)
2829985 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-03-12 1) (trojan.rules)
2829986 - ETPRO MALWARE Observed Malicious SSL Cert (ApolloClicker) (malware.rules)
2829987 - ETPRO MALWARE Observed Malicious SSL Cert (Steam GameHack) (malware.rules)
2829988 - ETPRO POLICY Observed MS Certutil User-Agent in HTTP Request (policy.rules)

[///]     Modified active rules:     [///]

2025354 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-02-13 (current_events.rules)
2829939 - ETPRO TROJAN MSIL/JanHof RAT Checkin 1 (trojan.rules)

Date: Monday, March 12, 2018 - 00:00