Daily Ruleset Update Summary 2017/02/03

[***] Summary: [***]

39 new Open signatures, 43 new Pro (39 + 4). NilePhish, Turla, CVE-2017-0016, WordPress Vuln.

[+++]          Added rules:          [+++]

Open:

2023831 - ET DOS Excessive Large Tree Connect Response (dos.rules)
2023832 - ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016) (dos.rules)
2023833 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 01 (current_events.rules)
2023834 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 02 (current_events.rules)
2023835 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 03 (current_events.rules)
2023836 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 04 (current_events.rules)
2023837 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 05 (current_events.rules)
2023838 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 06 (current_events.rules)
2023839 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 07 (current_events.rules)
2023840 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 08 (current_events.rules)
2023841 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 09 (current_events.rules)
2023842 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 10 (current_events.rules)
2023843 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 11 (current_events.rules)
2023844 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 12 (current_events.rules)
2023845 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 13 (current_events.rules)
2023846 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 14 (current_events.rules)
2023847 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 15 (current_events.rules)
2023848 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 16 (current_events.rules)
2023849 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 17 (current_events.rules)
2023850 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 18 (current_events.rules)
2023851 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 19 (current_events.rules)
2023852 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 20 (current_events.rules)
2023853 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 21 (current_events.rules)
2023854 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 22 (current_events.rules)
2023855 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 23 (current_events.rules)
2023856 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 24 (current_events.rules)
2023857 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 25 (current_events.rules)
2023858 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 26 (current_events.rules)
2023859 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 27 (current_events.rules)
2023860 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 28 (current_events.rules)
2023861 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 29 (current_events.rules)
2023862 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 30 (current_events.rules)
2023863 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 31 (current_events.rules)
2023864 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 32 (current_events.rules)
2023865 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 33 (current_events.rules)
2023866 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 34 (current_events.rules)
2023867 - ET CURRENT_EVENTS DNS Request to NilePhish Domain 35 (current_events.rules)
2023868 - ET TROJAN Turla Kopiluwak User-Agent (trojan.rules)
2023869 - ET CURRENT_EVENTS Fake AV Phone Scam Landing Feb 2 (current_events.rules)

Pro:

2824767 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824768 - ETPRO TROJAN MSIL/Bladabindi/njRAT Variant CnC Checkin (op-s8) (trojan.rules)
2824769 - ETPRO TROJAN MSIL/TrojanDownloader.Small.ASE Downloading DLL (trojan.rules)
2824770 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt 2 (web_server.rules)

[///]     Modified active rules:     [///]

2000418 - ET POLICY Executable and linking format (ELF) file download (policy.rules)
2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (malware.rules)
2019240 - ET POLICY Executable and linking format (ELF) file download Over HTTP (policy.rules)
2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017 (current_events.rules)
2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02 2017 (current_events.rules)
2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2816419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2820535 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules)
2821142 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules)
2821765 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules)
2821985 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules)
2822659 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules)
2822908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)
2823300 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules)
2823419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules)
2823697 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules)
2823823 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (current_events.rules)
2823974 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
2824125 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
2824680 - ETPRO TROJAN MultiPasswordRecovery Stealer Server Response (trojan.rules)
2824740 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt (web_server.rules)
 

Date: Friday, February 3, 2017 - 00:00