Daily Ruleset Update Summary 2018/05/04

[***]            Summary:            [***]

15 new Pro. W32/Bloop.A, SocEng/Gholish, W32/Emotet, Various Phishing.

[+++]          Added rules:          [+++]

2830691 - ETPRO TROJAN W32/Bloop.A Checkin (trojan.rules)
2830692 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 1) (trojan.rules)
2830693 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 2) (trojan.rules)
2830694 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 3) (trojan.rules)
2830695 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 4) (trojan.rules)
2830696 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 5) (trojan.rules)
2830697 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 6) (trojan.rules)
2830698 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 7) (trojan.rules)
2830699 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-04 8) (trojan.rules)
2830700 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Group CnC) (trojan.rules)
2830701 - ETPRO TROJAN W32/Emotet CnC Checkin (trojan.rules)
2830702 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2018-05-04 (current_events.rules)
2830703 - ETPRO CURRENT_EVENTS SocEng/Gholish JS Web Inject Inbound (current_events.rules)
2830704 - ETPRO CURRENT_EVENTS SocEng/Gholish Fake Update Template Inbound (current_events.rules)
2830705 - ETPRO CURRENT_EVENTS Successful BT Phish 2018-05-04 (current_events.rules)

[///]     Modified active rules:     [///]

2011868 - ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code (web_client.rules)
2015671 - ET INFO Adobe PDF in HTTP Flowbit Set (info.rules)
2803027 - ETPRO WEB_CLIENT Microsoft Excel Malformed Selection (type 0x1D) BIFF record (web_client.rules)
2803653 - ETPRO WEB_CLIENT Microsoft Excel DataFormat Record Parsing Vulnerability (web_client.rules)
2816666 - ETPRO TROJAN Win32/TrojanDownloader.Banload.XAK Downloading PE (trojan.rules)
2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122, CVE-2018-4965) (web_client.rules)

[///]    Modified inactive rules:    [///]

2830661 - ETPRO MALWARE Win32/InstallCore Reporting Successful Install (malware.rules)
2830662 - ETPRO CURRENT_EVENTS JS.SocGholish POST Request (current_events.rules)

Date: Friday, May 4, 2018 - 00:00