[***]            Summary:            [***]

4 new Open, 23 new Pro (4 + 19). InfoBot, URLZone, Various Phishing, Various Mobile.

April MAPP Coverage Round 2:
2830892 => CVE-2018-4952
2830893 => CVE-2018-4954
2830894 => CVE-2018-4993
2827448 => CVE-2018-4965

[+++]          Added rules:          [+++]

2025577 - ET TROJAN InfoBot Sending Machine Details (trojan.rules)
2025578 - ET TROJAN InfoBot Sending LAN Details (trojan.rules)
2025579 - ET CURRENT_EVENTS Successful Generic Phish 2018-05-16 (set) (current_events.rules)
2025580 - ET TROJAN Win32/Unk.Stealer CnC Activity (trojan.rules)
2830874 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 340 (mobile_malware.rules)
2830875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 1) (trojan.rules)
2830876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 2) (trojan.rules)
2830877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 3) (trojan.rules)
2830878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 4) (trojan.rules)
2830879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 5) (trojan.rules)
2830880 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 6) (trojan.rules)
2830881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 7) (trojan.rules)
2830882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 8) (trojan.rules)
2830883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-16 9) (trojan.rules)
2830884 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-05-16) (current_events.rules)
2830885 - ETPRO TROJAN URLZone C2 Domain (minotaris .com in TLS SNI) (trojan.rules)
2830886 - ETPRO TROJAN Observed Malicious SSL Cert (URLZone CnC Domain) (trojan.rules)
2830888 - ETPRO POLICY ISL Remote Desktop Session UA (policy.rules) 
2830889 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw/SlemBunk/SLocker SMS Exfil (mobile_malware.rules)
2830890 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-05-16 (current_events.rules)
2830892 - ETPRO EXPLOIT Acrobat Use After Free (CVE-2018-4952) (exploit.rules)
2830893 - ETPRO EXPLOIT Acrobat Use After Free (CVE-2018-4954) (exploit.rules)
2830894 - ETPRO EXPLOIT Acrobat Information Disclosure (CVE-2018-4993) (exploit.rules)

[///]     Modified active rules:     [///]

2011276 - ET USER_AGENTS Suspicious User-Agent (InfoBot) (user_agents.rules)
2011868 - ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code (web_client.rules)
2013995 - ET WEB_CLIENT PDF With Embedded U3D (web_client.rules)
2014545 - ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS (current_events.rules)
2025576 - ET EXPLOIT HackingTrio UA (Hello, World) (exploit.rules)
2803027 - ETPRO WEB_CLIENT Microsoft Excel Malformed Selection (type 0x1D) BIFF record (web_client.rules)
2803653 - ETPRO WEB_CLIENT Microsoft Excel DataFormat Record Parsing Vulnerability (web_client.rules)
2803657 - ETPRO WEB_CLIENT Microsoft Excel SHRFMLA Biff Record Vulnerability Attempt (web_client.rules)
2821712 - ETPRO TROJAN LatentBot HTTP POST Checkin (trojan.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016 (current_events.rules)
2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122, CVE-2018-4965) (web_client.rules)
2828958 - ETPRO TROJAN Win32/Satan Cryptor 2.0 Ransomware CnC Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

2830806 - ETPRO TROJAN JS/Javaxs.Loader CnC Checkin (trojan.rules)

Date: 
Tuesday, May 15, 2018 - 22:00