[Emerging-updates] Daily Ruleset Update Summary 2017/12/06

Travis Green tgreen at emergingthreats.net
Wed Dec 6 12:00:22 HST 2017


[***]            Summary:            [***]

20 new Open, 26 new Pro (20 + 6). Various INFO File Downloads, Various
Mobile, Various Phishing.

Thanks: @AttackDetection


[+++]          Added rules:          [+++]

Open:

 2025122 - ET INFO MIPSEL File Download Request from IP Address (info.rules)
 2025123 - ET INFO MIPS File Download Request from IP Address (info.rules)
 2025124 - ET INFO ARM File Download Request from IP Address (info.rules)
 2025125 - ET INFO ARM7 File Download Request from IP Address (info.rules)
 2025126 - ET INFO x86 File Download Request from IP Address (info.rules)
 2025127 - ET INFO m68k File Download Request from IP Address (info.rules)
 2025128 - ET INFO SPARC File Download Request from IP Address (info.rules)
 2025129 - ET INFO POWERPC File Download Request from IP Address (info.rules)
 2025130 - ET INFO X86_64 File Download Request from IP Address (info.rules)
 2025131 - ET INFO SUPERH File Download Request from IP Address (info.rules)
 2025132 - ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 (exploit.rules)
 2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
 2025134 - ET POLICY OnePlus phone data leakage (policy.rules)
 2025135 - ET TROJAN [PTsecurity] Botnet Nitol.B Checkin (trojan.rules)
 2025136 - ET TROJAN njRAT/Bladabindi Variant (Lime) CnC Checkin (trojan.rules)
 2025137 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (current_events.rules)
 2025138 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in DNS Lookup) (policy.rules)
 2025139 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in TLS SNI) (policy.rules)
 2025140 - ET CURRENT_EVENTS Possible MyEtherWallet Phishing Landing - Title over non SSL (current_events.rules)

Pro:

 2828803 - ETPRO TROJAN StorageCrypt Downloading SambaCry (trojan.rules)
 2828804 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish 2017-12-06 M1 (current_events.rules)
 2828805 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish 2017-12-06 M2 (current_events.rules)
 2828806 - ETPRO CURRENT_EVENTS Successful Generic Multi Email Account Phish 2017-12-06 (current_events.rules)
 2828807 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2017-12-06 (current_events.rules)
 2828808 - ETPRO TROJAN Observed Malicious IP Check (W32/MewsSpy) (trojan.rules)


[///]     Modified active rules:     [///]

 2025120 - ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check (trojan.rules)
 2820991 - ETPRO TROJAN Win32/TrojanDownloader.Agent.CIV Initial CnC Checkin (trojan.rules)
 2822712 - ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish Oct 18 2016 (current_events.rules)
 2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2820385 - ETPRO TROJAN APT.Fimlis CnC Beacon (trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>