Daily Ruleset Update Summary 2018/09/11

[***]            Summary:            [***]

1 new Open, 28 new Pro (1 + 27). Tor/Noscript JS Bypass, More_Eggs SSL, W32.PowerPool, Various Mobile.

Thanks: @rmkml

[+++]          Added rules:          [+++]

Open:

2026109 - ET CURRENT_EVENTS Possible Tor/Noscript JS Bypass (current_events.rules)

Pro:

2832512 - ETPRO TROJAN More_Eggs SSL/TLS Certificate Observed (trojan.rules)
2832513 - ETPRO TROJAN More_Eggs SSL/TLS Certificate Observed (trojan.rules)
2832514 - ETPRO CURRENT_EVENTS MalDoc Retrieving Ursnif Payload 2018-09-11 (current_events.rules)
2832515 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832516 - ETPRO MALWARE Observed Malicious SSL Cert (Win32/Downloader.Agent.BH CnC Domain) (malware.rules)
2832517 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 388 (mobile_malware.rules)
2832518 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 389 (mobile_malware.rules)
2832519 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 390 (mobile_malware.rules)
2832520 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 391 (mobile_malware.rules)
2832521 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 392 (mobile_malware.rules)
2832522 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 393 (mobile_malware.rules)
2832523 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 394 (mobile_malware.rules)
2832524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 395 (mobile_malware.rules)
2832525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 396 (mobile_malware.rules)
2832526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 397 (mobile_malware.rules)
2832527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 398 (mobile_malware.rules)
2832528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 399 (mobile_malware.rules)
2832529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 400 (mobile_malware.rules)
2832530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 401 (mobile_malware.rules)
2832531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 402 (mobile_malware.rules)
2832532 - ETPRO TROJAN W32.PowerPool IP Check (trojan.rules)
2832533 - ETPRO TROJAN Possible AIRBREAK Module Download (trojan.rules)
2832534 - ETPRO TROJAN Possible AIRBREAK Beacon (trojan.rules)
2832535 - ETPRO TROJAN Possible AIRBREAK Command Received (trojan.rules)
2832536 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-11 1) (trojan.rules)
2832537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-11 2) (trojan.rules)
2832538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-11 3) (trojan.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2025972 - ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847) (exploit.rules)
2026023 - ET EXPLOIT SonicWall Global Management System - XMLRPC set_time_zone Command Injection (CVE-2018-9866) (exploit.rules)
2826782 - ETPRO EXPLOIT CVE-2017-8543 SMB2 CPMGetRows (exploit.rules)
2828244 - ETPRO TROJAN Win32.PowerPool CnC Checkin (trojan.rules)
2832501 - ETPRO TROJAN Win32/TrickBot Anchor Variant CnC Checkin (trojan.rules)

[---]         Removed rules:         [---]

2801204 - ETPRO WEB_CLIENT Apple Safari WebKit Menu OnChange Memory Corruption (web_client.rules)
2803341 - ETPRO WEB_CLIENT Apple Safari WebKit innerHTML Double Free Memory Corruption (web_client.rules)
2803342 - ETPRO WEB_CLIENT Apple Safari WebKit innerHTML Double Free Memory Corruption (Published Exploit) (web_client.rules)
2803348 - ETPRO WEB_CLIENT Apple Safari WebKit SVG Memory Corruption (web_client.rules)
2803349 - ETPRO WEB_CLIENT Apple Safari WebKit SVG Memory Corruption (Published Exploit) (web_client.rules)
2803351 - ETPRO WEB_CLIENT Apple Safari WebKit SVG Markers Use-After-Free Memory Corruption (Published Exploit) (web_client.rules)

Date: Tuesday, September 11, 2018 - 00:00