Daily Ruleset Update Summary 2018/04/26

[***]            Summary:            [***]

13 new Open, 22 new Pro (13 + 19). Drupalgeddon, GravityRAT, MSIL/Opprysr, Various Mobile, Various Phishing.

Thanks: @esentire

[+++]          Added rules:          [+++]

Open:

2025532 - ET CURRENT_EVENTS Outlook Web App Phishing Landing 2018-04-26 (current_events.rules)
2025533 - ET WEB_SPECIFIC_APPS Drupal RCE (CVE-2018-7602) (web_specific_apps.rules)
2025534 - ET WEB_SPECIFIC_APPS Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600) (web_specific_apps.rules)
2025535 - ET CURRENT_EVENTS Observed Coin-Hive In Browser Mining Domain (coin-hive .com in TLS SNI) (current_events.rules)
2025536 - ET CURRENT_EVENTS Observed Malicious SSL Cert (Coin-Hive In Browser Mining) (current_events.rules)
2025537 - ET MALWARE Lavasoft PUA/Adware Client Install (malware.rules)
2025538 - ET TROJAN MSIL/G1 Stealer/GravityRAT Uploading File (trojan.rules)
2025539 - ET TROJAN MSIL/G1 Stealer/GravityRAT Requesting Payload (trojan.rules)
2025540 - ET TROJAN MSIL/G2 Stealer/GravityRAT CnC Checkin (trojan.rules)
2025541 - ET TROJAN MSIL/GX Stealer/GravityRAT Uploading File (trojan.rules)
2025542 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .com in DNS Lookup) (trojan.rules)
2025543 - ET TROJAN MSIL/GravityRAT CnC Domain (msoftupdates .eu in DNS Lookup) (trojan.rules)
2025544 - ET TROJAN MSIL/GravityRAT CnC Domain (mylogisoft .com in DNS Lookup) (trojan.rules)

Pro:

2830571 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2018-04-26 (current_events.rules)
2830572 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-04-26 (current_events.rules)
2830573 - ETPRO CURRENT_EVENTS Successful ABSA Bank Phish 2018-04-26 (current_events.rules)
2830574 - ETPRO TROJAN W32/Pterodo.CL CnC Checkin (trojan.rules)
2830575 - ETPRO TROJAN MSIL/G1 Stealer/GravityRAT CnC Activity (trojan.rules)
2830576 - ETPRO TROJAN Win32/InnaputRAT CnC Domain (worlwidesupport .top in DNS Lookup) (trojan.rules)
2830577 - ETPRO TROJAN W32.Innaput RAT Checkin (trojan.rules)
2830578 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 37 (mobile_malware.rules)
2830579 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 1) (trojan.rules)
2830580 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 2) (trojan.rules)
2830581 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 3) (trojan.rules)
2830582 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 4) (trojan.rules)
2830583 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 5) (trojan.rules)
2830584 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 6) (trojan.rules)
2830585 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 7) (trojan.rules)
2830586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 8) (trojan.rules)
2830587 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 9) (trojan.rules)
2830588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-25 10) (trojan.rules)
2830589 - ETPRO TROJAN MSIL/Opprysr Backdoor CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2806920 - ETPRO TROJAN Trojan.Rontokbro Checkin (trojan.rules)
2816313 - ETPRO CURRENT_EVENTS Chalbhai Phishing Landing Feb 18 2016 (current_events.rules)
2827804 - ETPRO TROJAN MSIL/G3 Stealer/GravityRAT CnC Activity (trojan.rules)
2828858 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (seen dropping Ursnif) (current_events.rules)

Date: Thursday, April 26, 2018 - 00:00