Daily Ruleset Update Summary 2018/04/06

[***]            Summary:            [***]

4 new Open, 20 new Pro (4 + 16). Win32/DanijBot, CVE-2018-0171, Adderall Loader, Various Phishing.

Thanks: Jake Warren

[+++]          Added rules:          [+++]

Open:

2025469 - ET TROJAN Win32/DanijBot User-Agent (trojan.rules)
2025470 - ET TROJAN Win32/DanijBot CnC Checkin (trojan.rules)
2025471 - ET TROJAN Win32/DanijBot CnC Task Status (trojan.rules)
2025472 - ET EXPLOIT Possible CVE-2018-0171 Exploit (PoC based) (exploit.rules)

Pro:

2830284 - ETPRO TROJAN Adderall Loader CnC Checkin (trojan.rules)
2830285 - ETPRO TROJAN Adderall Loader IP Check (trojan.rules)
2830286 - ETPRO TROJAN Win32/Tiggre Checkin (trojan.rules)
2830287 - ETPRO TROJAN RubberDucky Logging Activity (trojan.rules)
2830288 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2018-04-06 (current_events.rules)
2830289 - ETPRO CURRENT_EVENTS Possible Successful Assurance Maladie Phish (FR) M1 2018-04-06 (current_events.rules)
2830290 - ETPRO CURRENT_EVENTS Possible Successful Assurance Maladie Phish (FR) M2 2018-04-06 (current_events.rules)
2830291 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M1 Phish 2018-04-06 (current_events.rules)
2830292 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M2 Phish 2018-04-06 (current_events.rules)
2830293 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M3 Phish 2018-04-06 (current_events.rules)
2830294 - ETPRO CURRENT_EVENTS Successful Chalbhai (Multibrand) M4 Phish 2018-04-06 (current_events.rules)
2830295 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2018-04-06 (current_events.rules)
2830296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 1) (trojan.rules)
2830297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 2) (trojan.rules)
2830298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 3) (trojan.rules)
2830299 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-06 4) (trojan.rules)

[///]    Modified inactive rules:    [///]

2830245 - ETPRO POLICY Request for CSS File Returning Executable (policy.rules)

Date: 
Friday, April 6, 2018 - 00:00