[***] Summary: [***]
7 new Open, 32 new Pro (7 + 25). W32/JbossMiner, MSIL/Vega Stealer, Various Phishing, Various Mobile.
April MAPP Coverage:
2830754 => CVE-2018-8174
2830755 => CVE-2018-4944
[+++] Added rules: [+++]
Open:
2025561 - ET CURRENT_EVENTS IRS Phishing Landing 2018-05-07 (current_events.rules)
2025562 - ET CURRENT_EVENTS Successful IRS Phish 2018-05-07 (current_events.rules)
2025563 - ET CURRENT_EVENTS Possible TSB Bank Phishing Landing 2018-05-07 (current_events.rules)
2025564 - ET CURRENT_EVENTS Possible Successful TSB Bank Phish 2018-05-07 (current_events.rules)
2025565 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-08 (set) (current_events.rules)
2025566 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-08 (set) (current_events.rules)
2025567 - ET TROJAN Iron Ransomware Domain (y5mogzal2w25p6bn .ml in DNS Lookup) (trojan.rules)
Pro:
2830731 - ETPRO MALWARE W32/JbossMiner Checkin (malware.rules)
2830732 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/c4tger CnC Domain) (trojan.rules)
2830733 - ETPRO TROJAN Observed Win32/c4tger CnC Domain (investments-advisors .bid in TLS SNI) (trojan.rules)
2830734 - ETPRO TROJAN W32/Agent.TAQ Requesting Config (trojan.rules)
2830735 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-08) (current_events.rules)
2830736 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 322 (mobile_malware.rules)
2830737 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 323 (mobile_malware.rules)
2830738 - ETPRO TROJAN MSIL/Vega Stealer Screenshot Upload (trojan.rules)
2830739 - ETPRO TROJAN MSIL/Vega Stealer Passwords Upload (trojan.rules)
2830740 - ETPRO CURRENT_EVENTS In-Browser Miner JS Inject Detected (current_events.rules)
2830741 - ETPRO POLICY Observed Malicious SSL Cert (External IP Address Lookup Domain (iptrackeronline .com)) (policy.rules)
2830742 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 324 (mobile_malware.rules)
2830743 - ETPRO CURRENT_EVENTS Successful NAB Phish 2018-05-08 (current_events.rules)
2830744 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 325 (mobile_malware.rules)
2830745 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 326 (mobile_malware.rules)
2830746 - ETPRO TROJAN DarkHotel Stealer Plugin Communicating with CnC (trojan.rules)
2830747 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-05-08 (current_events.rules)
2830748 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-08 1) (trojan.rules)
2830749 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-08 2) (trojan.rules)
2830750 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-08 3) (trojan.rules)
2830751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-08 4) (trojan.rules)
2830752 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-08 5) (trojan.rules)
2830753 - ETPRO EXPLOIT Possible Microsoft Office RCE Vulnerability (CVE-2018-8161) (exploit.rules)
2830754 - ETPRO WEB_CLIENT Possible Windows VBScript Engine RCE Vulnerability (CVE-2018-8174) (web_client.rules)
2830755 - ETPRO EXPLOIT Adobe Flash Player Type Confusion (CVE-2018-4944) (exploit.rules)
[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2024721 - ET CURRENT_EVENTS CoinHive In-Browser Miner Detected (current_events.rules)
2025455 - ET TROJAN Win32/GandCrab Ransomware CnC Activity M2 (trojan.rules)
2815398 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M5 (trojan.rules)
2821712 - ETPRO TROJAN LatentBot HTTP POST Checkin (trojan.rules)
[---] Removed rules: [---]
2015581 - ET TROJAN Atadommoc.C - HTTP CnC (trojan.rules)
2807241 - ETPRO WEB_CLIENT Adobe PDF file corrupted download (CVE-2013-3351) 3 (web_client.rules)