[***]            Summary:            [***]

1 new Open, 19 new Pro (1 + 18). TP-Link Auth Bypass, Android Hiddad APK, Various Phish

[+++]          Added rules:          [+++]

Open:

2025630 - ET CURRENT_EVENTS Successful Generic Phish 2018-06-27 (set) (current_events.rules)

Pro:

2831439 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (GET conf.bin) (exploit.rules)
2831440 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (Add Port Forwarding) (exploit.rules)
2831441 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (Reboot Router) (exploit.rules)
2831442 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (Enable Guest Network) (exploit.rules)
2831443 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (DMZ enable and Disable) (exploit.rules)
2831444 - ETPRO EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (WiFi Password Change) (exploit.rules)
2831445 - ETPRO CURRENT_EVENTS Evil Keitaro Cookie Flowbit Set (current_events.rules)
2831446 - ETPRO CURRENT_EVENTS SocEng Redirect Chain - Evil Keitaro Set-Cookie Inbound (529a0) (current_events.rules)
2831447 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK (mobile_malware.rules)
2831448 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 2 (mobile_malware.rules)
2831449 - ETPRO MOBILE_MALWARE Android/Hiddad.OG Requesting APK 3 (mobile_malware.rules)
2831450 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 2 (mobile_malware.rules)
2831451 - ETPRO EXPLOIT D-Link DSL-2750B - OS Command Injection (exploit.rules)
2831452 - ETPRO WEB_SPECIFIC_APPS Wordpress Arbitrary File Deletion 1 (web_specific_apps.rules)
2831453 - ETPRO WEB_SPECIFIC_APPS Wordpress Arbitrary File Deletion 2 (web_specific_apps.rules)
2831454 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2018-06-27 (current_events.rules)
2831456 - ETPRO WEB_SPECIFIC_APPS Blind Server-Side Request Forgery (web_specific_apps.rules)
2831457 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2018-06-27 (current_events.rules)

[///]     Modified active rules:     [///]

Open:

2014381 - ET POLICY HTTP HEAD invalid method case outbound (policy.rules)
2022647 - ET TROJAN Cryptolocker Payment Domain (3qbyaoohkcqkzrz6) (trojan.rules)

Pro:

2804850 - ETPRO TROJAN Trojan.Win32.Scar.fgcf CnC Traffic (trojan.rules)
2826185 - ETPRO TROJAN ABUSE.CH TorrentLocker Payment Domain (2ymh2gnnbg6pgq2r) (trojan.rules)
2829105 - ETPRO TROJAN NSIS/Unk.Dropper Downloading Monero Coinminer EXE (trojan.rules)
2831037 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 1 (mobile_malware.rules)
2831038 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 2 (mobile_malware.rules)
2831039 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 3 (mobile_malware.rules)
2831040 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 4 (mobile_malware.rules)
2831041 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 5 (mobile_malware.rules)
2831042 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 6 (mobile_malware.rules)
2831043 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 7 (mobile_malware.rules)
2831327 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 8 (mobile_malware.rules)
2831328 - ETPRO MOBILE_MALWARE Android/TeleRAT Info Exfil via Telegram API 9 (mobile_malware.rules)
2831425 - ETPRO WEB_SPECIFIC_APPS Joomla Component Ek rishta 2.10 - SQL Injection 1 (web_specific_apps.rules)
2831429 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-06-26 1) (current_events.rules)

[---]         Removed rules:         [---]

2820687 - ETPRO MOBILE_MALWARE Android Unknown Trojan SMS Exfiltration (mobile_malware.rules)

Date: Tuesday, June 26, 2018 - 22:00