[***]            Summary:            [***]

5 new Open, 45 new Pro (5 + 40). Drupalgeddon2, LokiBot PowerShell Downloader, MAPP, Various Phish, Various Mobile.

Thanks: @eSentire

July MAPP Coverage:
2831659 => CVE-2018-5028
2831660 => CVE-2018-5040
2831661 => CVE-2018-5052
2831669 => CVE-2018-12756
2831670 => CVE-2018-12789

[+++]          Added rules:          [+++]

Open:

2025644 - ET TROJAN Possible Metasploit Payload Common Construct Bind_API (from server) (trojan.rules)
2025645 - ET MALWARE [eSentire] Win32/Adware.Adposhel.lgvk CnC Checkin (malware.rules)
2025646 - ET WEB_SPECIFIC_APPS [eSentire] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600) (web_specific_apps.rules)
2025647 - ET CURRENT_EVENTS [eSentire] Fake Flash Update 2018-07-09 (current_events.rules)
2025648 - ET CURRENT_EVENTS [eSentire] Adobe Landing 2018-07-04 (current_events.rules)

Pro:

2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL) (trojan.rules)
2831650 - ETPRO TROJAN Win32/Agent.TDK Variant CnC Checkin (trojan.rules)
2831651 - ETPRO EXPLOIT D-Link DIR601 2.02 Credential Disclosure (exploit.rules)
2831652 - ETPRO WEB_SPECIFIC_APPS Elektronischer Leitz-Ordner 10 - SQL Injection (web_specific_apps.rules)
2831653 - ETPRO TROJAN Powerstats/Muddywater CnC Checkin (trojan.rules)
2831654 - ETPRO TROJAN Observed Cobalt Strike CnC Domain in TLS SNI (trojan.rules)
2831655 - ETPRO TROJAN Observed Cobalt Strike CnC M2 Domain (wsus .azureedge .net in TLS SNI) (trojan.rules)
2831656 - ETPRO TROJAN Powerstats/Muddywater CnC Activity (trojan.rules)
2831657 - ETPRO EXPLOIT HID VertX and Edge door controllers command_blink_on Remote Command Execution (exploit.rules)
2831658 - ETPRO SCAN HID VertX and Edge door controllers discover (scan.rules)
2831659 - ETPRO EXPLOIT Acrobat Pro XPS Heap Overflow Attempt (CVE-2018-5028) (exploit.rules)
2831660 - ETPRO WEB_CLIENT Possible Adobe PDF Acrobat Reader Heap Overflow (CVE-2018-5040) (web_client.rules)
2831661 - ETPRO WEB_CLIENT Possible Adobe PDF Acrobat Reader Heap Overflow (CVE-2018-5052) (web_client.rules)
2831662 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 2018-07-10 (current_events.rules)
2831663 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability Inbound (CVE-2018-5061) (exploit.rules)
2831664 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 2018-07-10 (current_events.rules)
2831665 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2018-07-10 (current_events.rules)
2831666 - ETPRO CURRENT_EVENTS Successful NatWest Phish M1 2018-07-10 (current_events.rules)
2831667 - ETPRO CURRENT_EVENTS Successful NatWest Phish M2 2018-07-10 (current_events.rules)
2831668 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-10 (current_events.rules)
2831669 - ETPRO EXPLOIT Adobe Reader UAF (CVE-2018-12756) (exploit.rules)
2831670 - ETPRO EXPLOIT Adobe EMF File Memory Corruption Vulnerability Inbound (CVE-2018-12789) (exploit.rules)
2831671 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload 2018-07-10 (current_events.rules)
2831672 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 1) (trojan.rules)
2831673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 2) (trojan.rules)
2831674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 3) (trojan.rules)
2831675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 4) (trojan.rules)
2831676 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 5) (trojan.rules)
2831677 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 6) (trojan.rules)
2831678 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 7) (trojan.rules)
2831679 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 8) (trojan.rules)
2831680 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 9) (trojan.rules)
2831681 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 10) (trojan.rules)
2831682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 11) (trojan.rules)
2831683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 12) (trojan.rules)
2831684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 13) (trojan.rules)
2831685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-10 14) (trojan.rules)
2831686 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon (mobile_malware.rules)
2831687 - ETPRO MOBILE_MALWARE Android/Hiddad.QO CnC Beacon 2 (mobile_malware.rules)
2831688 - ETPRO WEB_SPECIFIC_APPS GitList Argument Injection (web_specific_apps.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2018667 - ET TROJAN Possible Zeus P2P Variant Check-in (trojan.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2025583 - ET TROJAN [PTsecurity] PS/TrojanDownloader.Agent.NNR XORed Zip payload (key 0x91) (trojan.rules)
2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122, CVE-2018-4965) (web_client.rules)

[---]         Removed rules:         [---]

2820244 - ETPRO TROJAN Possible Metasploit Payload Common Construct Bind_API (from server) (trojan.rules)
2830344 - ETPRO USER_AGENTS LokiBot PowerShell Downloader User-Agent (USR-KL) (user_agents.rules)

Date: Monday, July 9, 2018 - 22:00