[***]            Summary:            [***]

13 new Open, 44 new Pro (13 + 31). Android APT-C-23, CVE-2018-8453, Various Maldoc, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026476 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in DNS Lookup) (mobile_malware.rules)
2026477 - ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in TLS SNI) (mobile_malware.rules)
2026478 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in DNS Lookup) (mobile_malware.rules)
2026479 - ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in TLS SNI) (mobile_malware.rules)
2026480 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in DNS Lookup) (mobile_malware.rules)
2026481 - ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in TLS SNI) (mobile_malware.rules)
2026482 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in DNS Lookup) (mobile_malware.rules)
2026483 - ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in TLS SNI) (mobile_malware.rules)
2026484 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in DNS Lookup) (mobile_malware.rules)
2026485 - ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in TLS SNI) (mobile_malware.rules)
2026486 - ET POLICY DNS Lookup for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026487 - ET POLICY Request for Possible Common Brand Phishing Hosted on Legitimate Windows Service (policy.rules)
2026488 - ET WEB_CLIENT Possible Microsoft Edge Remote Command Execution PoC (CVE-2018-8495) (web_client.rules)

Pro:

2833092 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 439 (mobile_malware.rules)
2833093 - ETPRO POLICY Designerware RentalPC Agent Checkin (policy.rules)
2833094 - ETPRO INFO SOAP Request Outbound (info.rules)
2833095 - ETPRO EXPLOIT Win32K UAF PrivEsc Inbound (CVE-2018-8453) (exploit.rules)
2833096 - ETPRO TROJAN Win32.Unk TVRAT Variant Checkin (trojan.rules)
2833097 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 1) (trojan.rules)
2833098 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 2) (trojan.rules)
2833099 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 3) (trojan.rules)
2833100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 4) (trojan.rules)
2833101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 5) (trojan.rules)
2833102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 6) (trojan.rules)
2833103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 7) (trojan.rules)
2833104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 8) (trojan.rules)
2833105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 9) (trojan.rules)
2833106 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 10) (trojan.rules)
2833107 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 11) (trojan.rules)
2833108 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 12) (trojan.rules)
2833109 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 13) (trojan.rules)
2833110 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 14) (trojan.rules)
2833111 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-10-15 15) (trojan.rules)
2833112 - ETPRO TROJAN Various Reporting json Client Info via User-Agent (trojan.rules)
2833113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833114 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif DL 2018-10-15) (current_events.rules)
2833115 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Malicious LNK DL 2018-10-15) (current_events.rules)
2833116 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2018-10-15 Domain (www .kum .net in TLS SNI) (current_events.rules)
2833117 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-15 (current_events.rules)
2833118 - ETPRO CURRENT_EVENTS Successful Battlenet Phish 2018-10-15 (current_events.rules)
2833119 - ETPRO CURRENT_EVENTS Successful HM Revenue & Customs Phish 2018-10-15 (current_events.rules)
2833120 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2018-10-15 (current_events.rules)
2833121 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2018-10-15 (current_events.rules)
2833122 - ETPRO CURRENT_EVENTS Successful Skat DK Tax Phish 2018-10-15 (current_events.rules)

[///]     Modified active rules:     [///]

2826959 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2828106 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)
2831834 - ETPRO TROJAN Parasite HTTP Checkin (trojan.rules)
2833022 - ETPRO CURRENT_EVENTS Trickbot MalDoc DL 2018-09-26 (current_events.rules)

Date: Sunday, October 14, 2018 - 22:00