Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/08/24

[***]            Summary:            [***]

10 new Open, 32 new Pro (10 + 22). Apache Struts, SocketPlayer, MSIL/Hapvida, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026028 - ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix) (exploit.rules)
2026029 - ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Linux) (exploit.rules)
2026030 - ET EXPLOIT HP Enterprise VAN SDN Controller Upload Backdoor 2 (exploit.rules)
2026031 - ET WEB_SPECIFIC_APPS Apache Struts ognl inbound OGNL injection remote code execution attempt (web_specific_apps.rules)
2026032 - ET WEB_SPECIFIC_APPS Apache Struts inbound .getWriter OGNL injection remote code execution attempt (web_specific_apps.rules)
2026033 - ET WEB_SPECIFIC_APPS Apache Struts java.lang inbound OGNL injection remote code execution attempt (web_specific_apps.rules)
2026034 - ET WEB_SPECIFIC_APPS Apache Struts inbound .getClass OGNL injection remote code execution attempt (web_specific_apps.rules)
2026035 - ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt (web_specific_apps.rules)
2026036 - ET WEB_SPECIFIC_APPS MicroFocus Secure Messaging Gateway SQL Injection (web_specific_apps.rules)
2026037 - ET WEB_SPECIFIC_APPS MicroFocus Secure Messaging Gateway Remote Code Execution (web_specific_apps.rules)

Pro:

2832310 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 2 (asdkaaskdlaksdjjkjsdnasjkdddasakjasdnkkkaksjdjndkjansdkswda) (trojan.rules)
2832311 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 3 (asdkaaskdlaksdjjkjsdnddasakkkaksjdjndkjansdkswda) (trojan.rules)
2832312 - ETPRO TROJAN Win32/Remcos RAT Checkin 41 (trojan.rules)
2832313 - ETPRO TROJAN Win32/Remcos RAT Checkin 42 (trojan.rules)
2832314 - ETPRO TROJAN Win32/Remcos RAT Checkin 43 (trojan.rules)
2832315 - ETPRO TROJAN Win32/Remcos RAT Checkin 44 (trojan.rules)
2832316 - ETPRO TROJAN VBS.Caminho/N40 Domain in DNS Lookup (trojan.rules)
2832317 - ETPRO TROJAN VBS.Caminho/N40 Domain TLS SNI (trojan.rules)
2832318 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832319 - ETPRO TROJAN Zeus Panda C2 Domain TLS SNI (trojan.rules)
2832320 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832321 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
2832322 - ETPRO TROJAN Zeus Panda C2 Domain in DNS Lookup (trojan.rules)
2832323 - ETPRO TROJAN Zeus Panda C2 Domain in TLS SNI (trojan.rules)
2832324 - ETPRO TROJAN MSIL/Hapvida CnC Checkin (trojan.rules)
2832325 - ETPRO TROJAN NewcoreRAT HTTP CnC Pattern (trojan.rules)
2832326 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 375 (mobile_malware.rules)
2832327 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 376 (mobile_malware.rules)
2832328 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 377 (mobile_malware.rules)
2832329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rotex.b DNS Lookup (mobile_malware.rules)
2832330 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-24 1) (trojan.rules)
2832331 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-08-24 2) (trojan.rules)

[///]     Modified active rules:     [///]

2832225 - ETPRO TROJAN SocketPlayer Netflix Killswitch DNS Lookup 1 (asasdasdaskdlakalksdmlkasdnddasakkkaksjdjnsadlwda) (trojan.rules)

Date:
Summary title:
10 new Open, 32 new Pro (10 + 22). Apache Struts, SocketPlayer, MSIL/Hapvida, Various Mobile.