[***] Summary: [***]
1 new Open, 14 new Pro (1 + 13). Loki Bot Fake 404, MSIL/UA-Loader, Various Mobile, Various Phishing.
April MAPP Coverage:
2830336 => CVE-2018-4934
2830337 => CVE-2018-4936
[+++] Added rules: [+++]
Open:
2025483 - ET TROJAN Loki Bot Fake 404 Response (trojan.rules)
Pro:
2830325 - ETPRO TROJAN Remcos RAT Checkin 14 (trojan.rules)
2830326 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-04-10 Domain (securitymyinfo .me in TLS SNI) (current_events.rules)
2830327 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-04-10 2) (current_events.rules)
2830328 - ETPRO TROJAN MSIL/UA-Loader Request (trojan.rules)
2830329 - ETPRO CURRENT_EVENTS Gotham Font SocEng Template Inbound (current_events.rules)
2830330 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2018-04-10 (current_events.rules)
2830331 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2018-04-10 (current_events.rules)
2830332 - ETPRO MOBILE_MALWARE Android Backdoor Lazarus CnC Beacon (mobile_malware.rules)
2830333 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-10 1) (trojan.rules)
2830334 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-10 2) (trojan.rules)
2830335 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-10 3) (trojan.rules)
2830336 - ETPRO EXPLOIT Flash Player Out-of-Bounds Vuln (CVE-2018-4934) (exploit.rules)
2830337 - ETPRO EXPLOIT Flash Player Heap Overflow Vuln (CVE-2018-4936) (exploit.rules)
[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024313 - ET TROJAN Loki Bot Request for C2 Commands Detected M1 (trojan.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2025392 - ET TROJAN QRat.Java.RAT Checkin Response (trojan.rules)
2025393 - ET TROJAN QRat.Java.RAT Post-Checkin Request (trojan.rules)
2025455 - ET TROJAN Win32/GandCrab Ransomware CnC Activity M2 (trojan.rules)
2830317 - ETPRO TROJAN Urausy CnC (trojan.rules)