Daily Ruleset Update Summary 2018/12/05

[***]            Summary:            [***]

16 new Open, 42 new Pro (16 + 26). WeChat, STOLENPENCIL, PowerEnum CnC, CVE-2015-7768.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2026687 - ET TROJAN [PTsecurity] WeChat (Ransomware/Stealer) Config (trojan.rules)
2026688 - ET TROJAN [PTsecurity] WeChat (Ransomware/Stealer) HttpHeader (trojan.rules)
2026689 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026690 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026691 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026692 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026693 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026694 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026695 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026696 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026697 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026698 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026699 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026700 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026701 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2026702 - ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)

Pro:

2833787 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2833788 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2833789 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2833790 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2833810 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 452 (mobile_malware.rules)
2833811 - ETPRO EXPLOIT Konica Minolta FTP Buffer Overflow Attempt (CVE-2015-7768) (exploit.rules)
2833812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-05 1) (trojan.rules)
2833813 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-05 2) (trojan.rules)
2833814 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-05 3) (trojan.rules)
2833815 - ETPRO TROJAN Win32/Remcos RAT Checkin 80 (trojan.rules)
2833816 - ETPRO TROJAN Observed Malicious SSL Cert (Meterpreter CnC) (trojan.rules)
2833817 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 1 (malware.rules)
2833818 - ETPRO MALWARE Win32/Unruy Rogue Search Host Observed 2 (malware.rules)
2833819 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2018-12-05) (current_events.rules)
2833820 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833821 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833822 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833823 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833824 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833825 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833826 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833827 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833828 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833829 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833830 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)
2833831 - ETPRO TROJAN STOLENPENCIL CnC Domain in DNS Lookup (trojan.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2019627 - ET WEB_SERVER Possible Cookie Based BackDoor Used in Drupal Attacks (web_server.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)

[---]         Removed rules:         [---]

2833787 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833788 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833789 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)
2833790 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (PowerEnum CnC) (current_events.rules)

Date: Wednesday, December 5, 2018 - 00:00