Daily Ruleset Update Summary 2018/09/12

[***]            Summary:            [***]

2 new Open, 29 new Pro (2 + 27). MageCart Exfil Domain, Win32/Agent.SZW, CVE-2018-8459, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2026110 - ET TROJAN Observed Malicious SSL Cert (MageCart Exfil Domain) (trojan.rules)
2026111 - ET CURRENT_EVENTS Microsoft Tech Support Phone Scam Landing 2018-09-12 (current_events.rules)

Pro:

2832539 - ETPRO CURRENT_EVENTS PowerShell EP Bypass and String Download - Possible Stage 2 (current_events.rules)
2832540 - ETPRO TROJAN Win32/Agent.SZW CnC Checkin (trojan.rules)
2832541 - ETPRO TROJAN Win32/Agent.SZW Requesting Stage 2 (trojan.rules)
2832542 - ETPRO TROJAN Win32/DanaBot CnC Checkin M2 (trojan.rules)
2832543 - ETPRO TROJAN Win32/DanaBot Payloads Inbound from CnC (FF Variant) M2 (trojan.rules)
2832544 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 403 (mobile_malware.rules)
2832545 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 404 (mobile_malware.rules)
2832546 - ETPRO WEB_CLIENT Microsoft Edge Type Confusion Attempt (CVE-2018-8459) (web_client.rules)
2832547 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2018-09-12 (current_events.rules)
2832548 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 405 (mobile_malware.rules)
2832549 - ETPRO CURRENT_EVENTS Successful American Express Phish 2018-09-12 (current_events.rules)
2832550 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2018-09-12 (current_events.rules)
2832551 - ETPRO MOBILE_MALWARE Android/SMSreg.NK Checkin (mobile_malware.rules)
2832552 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dinaxx CnC Beacon (mobile_malware.rules)
2832553 - ETPRO MOBILE_MALWARE Android/Obfus.IQ CnC Beacon (mobile_malware.rules)
2832554 - ETPRO MOBILE_MALWARE Android/Rootnik-AI Checkin (mobile_malware.rules)
2832555 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-09-12) (current_events.rules)
2832556 - ETPRO TROJAN Possible Win32/Zpevdo.A Desktop Exfiltration (trojan.rules)
2832557 - ETPRO CURRENT_EVENTS Possible Win32/Zpevdo.A Firefox Exfiltration (current_events.rules)
2832558 - ETPRO CURRENT_EVENTS Possible MiniRat Websocket Init (current_events.rules)
2832559 - ETPRO TROJAN Win32/Zpevdo.A Checkin (trojan.rules)
2832560 - ETPRO TROJAN Win32/Zpevdo.A Requesting Payload (trojan.rules)
2832561 - ETPRO TROJAN Win32/Zpevdo.A Retrieving Payload (trojan.rules)
2832562 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 1) (trojan.rules)
2832563 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 2) (trojan.rules)
2832564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 3) (trojan.rules)
2832565 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-09-12 4) (trojan.rules)

[///]     Modified active rules:     [///]

2025972 - ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847) (exploit.rules)
2828244 - ETPRO TROJAN Win32.PowerPool CnC Checkin (trojan.rules)

Date: Wednesday, September 12, 2018 - 00:00