Daily Ruleset Update Summary 2018/11/16

[***]            Summary:            [***]

5 new Open, 13 new Pro (5 + 8). CVE-2018-15981, Various Malicious SSL Certs, Various APT.

[+++]          Added rules:          [+++]

2026616 - ET CURRENT_EVENTS Observed Malicious SSL Cert (HuadhServHelper CnC) (current_events.rules)
2026617 - ET TROJAN APT29 Domain in DNS Lookup (pandorasong .com) (trojan.rules)
2026618 - ET CURRENT_EVENTS Observed Malicious SSL Cert (APT29) (current_events.rules)
2026619 - ET TROJAN Hades APT Downloader Attempting to Retrieve Stage 2 Payload (trojan.rules)
2026620 - ET TROJAN Hades APT Domain in DNS Lookup (findupdatems .com) (trojan.rules)
2833575 - ETPRO MOBILE_MALWARE Android.Monitor.Puma.C (mobilegate .net in DNS Lookup) (mobile_malware.rules)
2833576 - ETPRO TROJAN WEB_CLIENT Possible Adobe Flash Type Confusion Vulnerability (CVE-2018-15981) (trojan.rules)
2833577 - ETPRO TROJAN Banload Variant CnC Activity (trojan.rules)
2833578 - ETPRO CURRENT_EVENTS PowerShell with Base64 Encoded Wide Strings Inbound (Anti-VM Related) (current_events.rules)
2833579 - ETPRO CURRENT_EVENTS PowerShell Downloader with Base64 Encoded Wscript.Shell Wide String Inbound (current_events.rules)
2833580 - ETPRO TROJAN ExtremeDownloader CnC Checkin (trojan.rules)
2833581 - ETPRO MALWARE Win32/InstallMonster Requesting File M1 (malware.rules)
2833582 - ETPRO MALWARE Win32/InstallMonster Requesting File M2 (malware.rules)

[///]     Modified active rules:     [///]

2026611 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
2026612 - ET TROJAN TEMP.Periscope APT Domain in DNS Lookup (trojan.rules)
2824248 - ETPRO TROJAN Zeus Panda Banker / Ursnif Malicious SSL Certificate Detected (trojan.rules)

Date: Friday, November 16, 2018 - 00:00