[Emerging-updates] Daily Ruleset Update Summary 2017/04/11

Travis Green tgreen at emergingthreats.net
Tue Apr 11 19:55:39 EDT 2017


[***]            Summary:            [***]

6 new Open, 60 new Pro (6 + 54). April MAPP, EITest, Various Android,
Various Phishing

Thanks: MS_ISAC


[+++]          Added rules:          [+++]

 Open:

  2024197 - ET CURRENT_EVENTS SUSPICIOUS MSXMLHTTP DL of HTA (Observed in RTF 0-day) (current_events.rules)
  2024198 - ET CURRENT_EVENTS EITest SocENG Payload DL (current_events.rules)
  2024199 - ET CURRENT_EVENTS EITest SocENG Inject M2 (current_events.rules)
  2024200 - ET CURRENT_EVENTS EITest SocENG Inject M3 (current_events.rules)
  2024201 - ET MOBILE_MALWARE AdWare.AndroidOS.Ewind.cd Checkin (mobile_malware.rules)
  2024202 - ET MOBILE_MALWARE AdWare.AndroidOS.Ewind.cd Response (mobile_malware.rules)

 Pro:

  2825844 - ETPRO MOBILE_MALWARE Android/Agent.ST Checkin (mobile_malware.rules)
  2825845 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon (mobile_malware.rules)
  2825846 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon 2 (mobile_malware.rules)
  2825847 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon 3 (mobile_malware.rules)
  2825848 - ETPRO EXPLOIT Windows Graphics Elevation of Privilege Vulnerability Inbound (CVE-2017-0155) (exploit.rules)
  2825849 - ETPRO WEB_CLIENT Possible IE UAF (CVE-2017-0158) (web_client.rules)
  2825850 - ETPRO EXPLOIT Windows Kernel Information Disclosure Vulnerability Inbound (CVE-2017-0167) (exploit.rules)
  2825851 - ETPRO EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2017-0189) (exploit.rules)
  2825852 - ETPRO EXPLOIT Possible Microsoft Office 2007 DLL Sideloading (CVE-2017-0197) (exploit.rules)
  2825853 - ETPRO EXPLOIT Microsoft Outlook Remote Code Execution Vulnerability Inbound (CVE-2017-0199) (exploit.rules)
  2825854 - ETPRO WEB_CLIENT Possible Microsoft Edge Type Confusion (CVE-2017-0200) (web_client.rules)
  2825855 - ETPRO EXPLOIT Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202) (exploit.rules)
  2825856 - ETPRO WEB_CLIENT Possible Edge Render Format Type Confusion (CVE-2017-0205) (web_client.rules)
  2825857 - ETPRO WEB_CLIENT Possible Windows Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208) (web_client.rules)
  2825858 - ETPRO WEB_CLIENT Internet Explorer EOP Vulnerability (CVE-2017-0210) (web_client.rules)
  2825859 - ETPRO WEB_CLIENT Possible Adobe Reader CVE-2017-3014 Use After Free (web_client.rules)
  2825860 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3017 (web_client.rules)
  2825861 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3019 (web_client.rules)
  2825862 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3020 (web_client.rules)
  2825863 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3022 (web_client.rules)
  2825864 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3024 (web_client.rules)
  2825865 - ETPRO WEB_CLIENT Possible Adobe Reader Use After Free CVE-2017-3027 (web_client.rules)
  2825866 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3023 (web_client.rules)
  2825867 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3029 (web_client.rules)
  2825868 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3030 (web_client.rules)
  2825869 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3032 (web_client.rules)
  2825870 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3033 (web_client.rules)
  2825871 - ETPRO WEB_CLIENT Possible Adobe Reader Integer Overflow CVE-2017-3034 (web_client.rules)
  2825872 - ETPRO WEB_CLIENT Possible Adobe Reader Integer Overflow CVE-2017-3035 (web_client.rules)
  2825873 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3039 (web_client.rules)
  2825874 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3044 (web_client.rules)
  2825875 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3045 (web_client.rules)
  2825876 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3046 (web_client.rules)
  2825877 - ETPRO WEB_CLIENT Adobe Reader Use After Free CVE-2017-3047 (web_client.rules)
  2825878 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Heap Overflow (CVE-2017-3048) (web_client.rules)
  2825879 - ETPRO WEB_CLIENT Possible Adobe Reader TIFF Heap Overflow (CVE-2017-3049) (web_client.rules)
  2825880 - ETPRO WEB_CLIENT Possible Adobe Reader Memory Corruption CVE-2017-3056 (web_client.rules)
  2825881 - ETPRO WEB_CLIENT Adobe Reader Use After Free CVE-2017-3057 (web_client.rules)
  2825882 - ETPRO CURRENT_EVENTS Successful Email Shutdown/Verification Phish Apr 11 2017 (current_events.rules)
  2825883 - ETPRO TROJAN Malicious SSL Certificate Observed (Blue Lambert Implant) (trojan.rules)
  2825884 - ETPRO CURRENT_EVENTS Successful Office 365 Phish M1 Apr 11 2017 (current_events.rules)
  2825885 - ETPRO CURRENT_EVENTS Successful Office 365 Phish M2 Apr 11 2017 (current_events.rules)
  2825886 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish Apr 11 2017 (current_events.rules)
  2825887 - ETPRO MOBILE_MALWARE Android/Styricka.A CnC Beacon 2 (mobile_malware.rules)
  2825888 - ETPRO CURRENT_EVENTS Successful American Express Phish Apr 11 2017 (current_events.rules)
  2825889 - ETPRO CURRENT_EVENTS Successful Chase Phish Apr 11 2017 (current_events.rules)
  2825890 - ETPRO CURRENT_EVENTS Successful Santander Phish Apr 11 2017 (current_events.rules)
  2825891 - ETPRO CURRENT_EVENTS Successful ZIX Message Center Phish Apr 11 2017 (current_events.rules)
  2825892 - ETPRO TROJAN Unknown MalDoc VBS Downloader Requesting Payload (trojan.rules)
  2825893 - ETPRO TROJAN BlueNoroff/Lazarus Variant CnC Beacon (trojan.rules)
  2825894 - ETPRO CURRENT_EVENTS Successful UBS Phish M1 Mar 13 2017 (current_events.rules)
  2825895 - ETPRO CURRENT_EVENTS Successful UBS Phish M2 Mar 13 2017 (current_events.rules)
  2825896 - ETPRO CURRENT_EVENTS Possible Magnitude EK Apr 04 2017 (current_events.rules)
  2825897 - ETPRO CURRENT_EVENTS Possible Magnitude EK First Stage Landing Apr 04 2017 (current_events.rules)


 [///]     Modified active rules:     [///]

  2013091 - ET TROJAN Backdoor.Win32.DarkComet Keepalive Inbound (trojan.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2022836 - ET TROJAN PowerShell/Agent.A DNS Checkin (trojan.rules)
  2815637 - ETPRO TROJAN Win32/Agent.XOA Checkin (APT-C-23) (trojan.rules)
  2825769 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
  2825831 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
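The update summary above is plain text, so anyone automating rule intake first has to turn it into records. The following is an added example, not part of the announcement and not Emerging Threats' own tooling. It parses the mail format shown above (an excerpt of it, with the mailer's line wrapping preserved, is embedded as SAMPLE) into SID/tier/category/rule-file records, pulls the CVE identifiers out of the April MAPP rule names, and diffs the added SIDs against a deployed set. The deployed-SID set and the have_pro flag are hypothetical inputs standing in for a local ruleset and a Pro subscription; nothing about them comes from the page.

```python
"""Parse an Emerging Threats daily ruleset update summary into records.

Added example; not part of the announcement and not Emerging Threats tooling.
Entries look like "  <sid> - <ET|ETPRO> <CATEGORY> <message> (<rulefile>)",
sometimes wrapped onto a second line by the mailer, under the
"[+++] Added rules" (Open:/Pro:) or "[///] Modified active rules" headings.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the announcement above, mailer wrapping preserved.
SAMPLE = """\
[+++]          Added rules:          [+++]

 Open:

  2024197 - ET CURRENT_EVENTS SUSPICIOUS MSXMLHTTP DL of HTA (Observed in
RTF 0-day) (current_events.rules)
  2024198 - ET CURRENT_EVENTS EITest SocENG Payload DL
(current_events.rules)

 Pro:

  2825848 - ETPRO EXPLOIT Windows Graphics Elevation of Privilege
Vulnerability Inbound (CVE-2017-0155) (exploit.rules)
  2825859 - ETPRO WEB_CLIENT Possible Adobe Reader CVE-2017-3014 Use After
Free (web_client.rules)


 [///]     Modified active rules:     [///]

  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2825769 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017
(current_events.rules)
"""

ENTRY_START = re.compile(r"^\s{2}\d{7} - ")          # first line of an entry
ENTRY_RE = re.compile(
    r"^(?P<sid>\d{7}) - (?P<tier>ET|ETPRO) (?P<category>[A-Z_]+) "
    r"(?P<msg>.+) \((?P<rulefile>[a-z_]+\.rules)\)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SECTION_MARKERS = ("[", "Open:", "Pro:")             # never continuation text


@dataclass(frozen=True)
class RuleEntry:
    sid: int
    action: str      # "added" or "modified", from the [+++] / [///] heading
    tier: str        # "ET" (Open) or "ETPRO" (Pro), from the message prefix
    category: str    # e.g. CURRENT_EVENTS, WEB_CLIENT, MOBILE_MALWARE
    msg: str         # text between the category keyword and the rule file
    rulefile: str    # e.g. current_events.rules

    @property
    def cves(self):
        return tuple(CVE_RE.findall(self.msg))


def _unwrap(text):
    """Yield (action, one-line entry), re-joining lines the mailer wrapped."""
    action, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if "[+++]" in line:
            action = "added"
        elif "[///]" in line:
            action = "modified"
        if ENTRY_START.match(raw):
            if current:
                yield current
            current = (action, line)
        elif current and line and not line.startswith(SECTION_MARKERS):
            current = (current[0], current[1] + " " + line)   # wrapped tail
        else:
            if current:
                yield current
            current = None
    if current:
        yield current


def parse_summary(text):
    entries = []
    for action, line in _unwrap(text):
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unparseable entry: {line!r}")
        entries.append(RuleEntry(int(m["sid"]), action, m["tier"],
                                 m["category"], m["msg"], m["rulefile"]))
    return entries


def cves_covered(entries):
    """Map each CVE named in a rule message to the SIDs that reference it."""
    out = {}
    for e in entries:
        for cve in e.cves:
            out.setdefault(cve, []).append(e.sid)
    return {cve: sorted(sids) for cve, sids in out.items()}


def sids_to_fetch(entries, deployed_sids, have_pro=False):
    """Added SIDs missing from a deployed ruleset (ETPRO only if licensed)."""
    return sorted(e.sid for e in entries
                  if e.action == "added" and e.sid not in deployed_sids
                  and (have_pro or e.tier == "ET"))


def modified_sids(entries):
    """Changed SIDs: re-check local suppress/threshold tuning against them."""
    return sorted(e.sid for e in entries if e.action == "modified")


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    print("CVE coverage:", cves_covered(parsed))
    # {2024197} is a hypothetical deployed ruleset, not anything from the page
    print("fetch (Open only):", sids_to_fetch(parsed, {2024197}))
    print("re-check tuning:", modified_sids(parsed))
```

The unwrapping step matters: a naive line-by-line regex silently drops every entry the mailer split, which in this announcement is most of the Pro list. The tier is taken from the ET/ETPRO prefix rather than the SID range, so the same code works on the modified-rules section, where the summary gives no Open/Pro subheading.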