[***] Summary: [***]
4 new Open, 41 new Pro (5 + 36). Danabot HTTP Checkin, CVE-2018-5008, Various Phish, Various Mobile.
Thanks: @eSentire

[+++] Added rules: [+++]

Open:
2025649 - ET EXPLOIT Possible ETERNALBLUE MSF Probe MS17-010 (exploit.rules)
2025650 - ET EXPLOIT Possible ETERNALBLUE MSF Probe Vulnerable System Response MS17-010 (exploit.rules)
2025651 - ET TROJAN [eSentire] Unknown Banker CnC Command (DOWNLOAD) (trojan.rules)
2025652 - ET TROJAN [eSentire] Unknown Banker CnC Checkin (trojan.rules)

Pro:
2831689 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5008) (exploit.rules)
2831690 - ETPRO TROJAN Danabot HTTP Checkin (trojan.rules)
2831691 - ETPRO MOBILE_MALWARE Android.SMSReg.AIP Variant CnC Checkin (mobile_malware.rules)
2831692 - ETPRO POLICY Base64 Encoded EXE Inbound M1 (policy.rules)
2831693 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-07-11 (current_events.rules)
2831694 - ETPRO POLICY Base64 Encoded EXE Inbound M2 (policy.rules)
2831695 - ETPRO POLICY Base64 Encoded EXE Inbound M3 (policy.rules)
2831696 - ETPRO POLICY Base64 Encoded EXE Inbound M4 (policy.rules)
2831697 - ETPRO POLICY Base64 Encoded EXE Inbound M5 (policy.rules)
2831698 - ETPRO POLICY Base64 Encoded EXE Inbound M6 (policy.rules)
2831699 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-07-11 (current_events.rules)
2831700 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2018-07-11 (current_events.rules)
2831701 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-11 (current_events.rules)
2831702 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-07-11 (current_events.rules)
2831703 - ETPRO NETBIOS Microsoft Windows RRAS SMB Remote Code Execution (netbios.rules)
2831704 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish M1 2018-07-11 (current_events.rules)
2831705 - ETPRO CURRENT_EVENTS Successful Caisse d'Epargne Phish M2 2018-07-11 (current_events.rules)
2831706 - ETPRO MOBILE_MALWARE Android.Trojan.MisoSMS.A Reporting Infection via SMTP (mobile_malware.rules)
2831707 - ETPRO WEB_SPECIFIC_APPS Dicoogle PACS 2.5.0 - Directory Traversal (web_specific_apps.rules)
2831708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 1) (trojan.rules)
2831709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 2) (trojan.rules)
2831710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 3) (trojan.rules)
2831711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 4) (trojan.rules)
2831712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 5) (trojan.rules)
2831713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 6) (trojan.rules)
2831714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 7) (trojan.rules)
2831715 - ETPRO EXPLOIT IBM QRadar SIEM Unauthenticated Remote Code Execution (exploit.rules)
2831716 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 8) (trojan.rules)
2831717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 9) (trojan.rules)
2831718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 10) (trojan.rules)
2831719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 11) (trojan.rules)
2831720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 12) (trojan.rules)
2831721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-11 13) (trojan.rules)
2831722 - ETPRO TROJAN Korozya Miner CnC Activity (trojan.rules)
2831723 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11) (trojan.rules)
2831724 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-07-11 2) (trojan.rules)

[///] Modified active rules: [///]

2021747 - ET TROJAN Win32.Spy/TVRat Checkin (trojan.rules)
2024217 - ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray (exploit.rules)
2025648 - ET CURRENT_EVENTS [eSentire] Adobe Phishing Landing 2018-07-04 (current_events.rules)
2821591 - ETPRO TROJAN Win32.Spy/TVRat Checkin 2 (trojan.rules)
2827448 - ETPRO WEB_CLIENT Adobe Reader Memory Corruption (CVE-2017-3122, CVE-2018-4965) (web_client.rules)
2829620 - ETPRO TROJAN Chthonic CnC Beacon Generic M1 (trojan.rules)
2830344 - ETPRO TROJAN LokiBot PowerShell Downloader User-Agent (USR-KL) (trojan.rules)
2831193 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)