[Emerging-updates] Daily Ruleset Update Summary 2017/02/03

Francis Trudeau ftrudeau at emergingthreats.net
Fri Feb 3 17:27:18 EST 2017


 [***] Summary: [***]

 39 new Open signatures, 43 new Pro (39 + 4).  NilePhish, Turla,
CVE-2017-0016, WordPress Vuln.

 [+++]          Added rules:          [+++]

 Open:

  2023831 - ET DOS Excessive Large Tree Connect Response (dos.rules)
  2023832 - ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016) (dos.rules)
  2023833 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 01 (current_events.rules)
  2023834 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 02 (current_events.rules)
  2023835 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 03 (current_events.rules)
  2023836 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 04 (current_events.rules)
  2023837 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 05 (current_events.rules)
  2023838 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 06 (current_events.rules)
  2023839 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 07 (current_events.rules)
  2023840 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 08 (current_events.rules)
  2023841 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 09 (current_events.rules)
  2023842 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 10 (current_events.rules)
  2023843 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 11 (current_events.rules)
  2023844 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 12 (current_events.rules)
  2023845 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 13 (current_events.rules)
  2023846 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 14 (current_events.rules)
  2023847 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 15 (current_events.rules)
  2023848 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 16 (current_events.rules)
  2023849 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 17 (current_events.rules)
  2023850 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 18 (current_events.rules)
  2023851 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 19 (current_events.rules)
  2023852 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 20 (current_events.rules)
  2023853 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 21 (current_events.rules)
  2023854 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 22 (current_events.rules)
  2023855 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 23 (current_events.rules)
  2023856 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 24 (current_events.rules)
  2023857 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 25 (current_events.rules)
  2023858 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 26 (current_events.rules)
  2023859 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 27 (current_events.rules)
  2023860 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 28 (current_events.rules)
  2023861 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 29 (current_events.rules)
  2023862 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 30 (current_events.rules)
  2023863 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 31 (current_events.rules)
  2023864 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 32 (current_events.rules)
  2023865 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 33 (current_events.rules)
  2023866 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 34 (current_events.rules)
  2023867 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 35 (current_events.rules)
  2023868 - ET TROJAN Turla Kopiluwak User-Agent (trojan.rules)
  2023869 - ET CURRENT_EVENTS Fake AV Phone Scam Landing Feb 2 (current_events.rules)

 Pro:

  2824767 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
  2824768 - ETPRO TROJAN MSIL/Bladabindi/njRAT Variant CnC Checkin (op-s8) (trojan.rules)
  2824769 - ETPRO TROJAN MSIL/TrojanDownloader.Small.ASE Downloading DLL (trojan.rules)
  2824770 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt 2 (web_server.rules)


 [///]     Modified active rules:     [///]

  2000418 - ET POLICY Executable and linking format (ELF) file download (policy.rules)
  2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (malware.rules)
  2019240 - ET POLICY Executable and linking format (ELF) file download Over HTTP (policy.rules)
  2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
  2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017 (current_events.rules)
  2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02 2017 (current_events.rules)
  2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2816419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
  2820535 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules)
  2821142 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules)
  2821765 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules)
  2821985 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules)
  2822659 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules)
  2822908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)
  2823300 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules)
  2823419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules)
  2823697 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules)
  2823823 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (current_events.rules)
  2823974 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
  2824125 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
  2824680 - ETPRO TROJAN MultiPasswordRecovery Stealer Server Response (trojan.rules)
  2824740 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt (web_server.rules)

