Daily Ruleset Update Summary 2018/05/03

[***]            Summary:            [***]

2 new Open, 32 new Pro (2 + 30). Malicious (HTA-VBS-PowerShell), RedLeaves HOGFISH APT Implant, CVE-2018-10561, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

2025557 - ET TROJAN RedLeaves HOGFISH APT Implant CnC (trojan.rules)
2025558 - ET CURRENT_EVENTS [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command (current_events.rules)
2830661 - ETPRO MALWARE Win32/InstallCore Reporting Successful Install (malware.rules)
2830662 - ETPRO CURRENT_EVENTS JS.SocGholish POST Request (current_events.rules)
2830663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 1) (trojan.rules)
2830664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 2) (trojan.rules)
2830665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 3) (trojan.rules)
2830666 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 4) (trojan.rules)
2830667 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 5) (trojan.rules)
2830668 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 6) (trojan.rules)
2830669 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 7) (trojan.rules)
2830670 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 8) (trojan.rules)
2830671 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 9) (trojan.rules)
2830672 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 10) (trojan.rules)
2830673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 11) (trojan.rules)
2830674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 12) (trojan.rules)
2830675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 13) (trojan.rules)
2830676 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 14) (trojan.rules)
2830677 - ETPRO CURRENT_EVENTS Successful Bell Phish 2018-05-03 (current_events.rules)
2830678 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
2830679 - ETPRO TROJAN Cobalt Group CnC DNS Lookup (trojan.rules)
2830680 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
2830681 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830682 - ETPRO TROJAN Cobalt Group CnC Domain in SNI (trojan.rules)
2830683 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830684 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark CnC Beacon (mobile_malware.rules)
2830685 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark CnC Beacon 2 (mobile_malware.rules)
2830686 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark Checkin (mobile_malware.rules)
2830687 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark Checkin 2 (mobile_malware.rules)
2830688 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark CnC Beacon 3 (mobile_malware.rules)
2830689 - ETPRO TROJAN Caminho Powershell Downloader (trojan.rules)
2830690 - ETPRO EXPLOIT GPON Authentication Bypass Attempt (CVE-2018-10561) (exploit.rules)

[///]     Modified active rules:     [///]

2828858 - ETPRO CURRENT_EVENTS Malicious VBScript Inbound (seen dropping Ursnif) (current_events.rules)
2830613 - ETPRO TROJAN W32/Chthonic CnC Activity (trojan.rules)
2830646 - ETPRO TROJAN Possible Zeus Panda SSL/TLS Certificate Observed (trojan.rules)

Date: Thursday, May 3, 2018 - 00:00