Daily Ruleset Update Summary 2017/10/30

[***]            Summary:            [***]

1 new Open, 12 new Pro (1 + 11). W32.MDFSMiner, MSIL/Mario.Keylogger, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2018174 - ET INFO RelevantKnowledge Adware CnC Beacon (info.rules)

Pro:

2828464 - ETPRO TROJAN W32.MDFSMiner Domain (strak .xyz in DNS Lookup) (trojan.rules)
2828465 - ETPRO TROJAN W32.MDFSMiner Domain (strak .xyz in TLS SNI) (trojan.rules)
2828466 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ju SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2828467 - ETPRO TROJAN MSIL/Mario.Keylogger Sending Screenshot to CnC (trojan.rules)
2828468 - ETPRO POLICY IP Check Domain (howtofindmyipaddress .com in TLS SNI) (policy.rules)
2828469 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.d CnC Beacon 4 (mobile_malware.rules)
2828470 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 240 (mobile_malware.rules)
2828471 - ETPRO CURRENT_EVENTS Secured Connection Phishing Landing Redirect Oct 30 2017 (current_events.rules)
2828472 - ETPRO CURRENT_EVENTS Successful Fedex Phish Oct 30 2017 (current_events.rules)
2828473 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) Oct 30 2017 (current_events.rules)
2828474 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 30 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2812403 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug 13 2015 (current_events.rules)
2812489 - ETPRO CURRENT_EVENTS Successful Outlook Phish Aug 17 2015 (current_events.rules)
2812493 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 17 2015 (current_events.rules)
2812494 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug 17 2015 (current_events.rules)
2812510 - ETPRO CURRENT_EVENTS Apple ID Phishing Landing Aug 18 2015 (current_events.rules)
2812533 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M1 Aug 19 2015 (current_events.rules)
2812534 - ETPRO CURRENT_EVENTS Successful Key Bank Phish M2 Aug 19 2015 (current_events.rules)
2812548 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M3 Aug 20 2015 (current_events.rules)
2812605 - ETPRO CURRENT_EVENTS Horde Webmail Phishing Landing Aug 21 2015 (current_events.rules)
2812606 - ETPRO CURRENT_EVENTS Successful Horde Webmail Phish Aug 21 2015 (current_events.rules)
2812607 - ETPRO CURRENT_EVENTS Successful Horde Webmail Phish Aug 21 2015 (current_events.rules)
2812797 - ETPRO CURRENT_EVENTS Successful Woodforest Bank Phish M1 Aug 28 2015 (current_events.rules)
2816165 - ETPRO TROJAN Win32/Neutrino checkin 4 (trojan.rules)
2816172 - ETPRO CURRENT_EVENTS Possible Phishing Redirect Feb 09 2016 (current_events.rules)
2821311 - ETPRO CURRENT_EVENTS Successful Intuit Phish Jul 21 2016 (current_events.rules)
2823940 - ETPRO TROJAN Google Docs Phishing Landing Dec 18 2016 (trojan.rules)
2825964 - ETPRO CURRENT_EVENTS Successful Fedex Phish Apr 14 2017 (current_events.rules)
2826037 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 19 2017 (current_events.rules)
2828454 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp.com Phish Oct 27 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2801760 - ETPRO EXPLOIT Novell Netware FTP Server DELE Command Stack Buffer Overflow (exploit.rules)
2812491 - ETPRO CURRENT_EVENTS Successful United Airlines Phish Aug 17 (current_events.rules)
2812532 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish Aug 19 (current_events.rules)
2812558 - ETPRO CURRENT_EVENTS Successful NY Saves Account Phish Aug 20 (current_events.rules)
2812798 - ETPRO CURRENT_EVENTS Successful Woodforest Bank Phish Aug 28 2 (current_events.rules)
2827821 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)
2827822 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)
2827823 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)

[---]         Disabled rules:        [---]

2007584 - ET EXPLOIT TrendMicro ServerProtect Exploit possible worma(little-endian DCERPC Request) (exploit.rules)
2007593 - ET MALWARE SpyShredder Fake Anti-Spyware Install Download (malware.rules)
2007601 - ET MALWARE Advertisementserver.com Spyware Initial Checkin (malware.rules)
2007602 - ET MALWARE Advertisementserver.com Spyware Checkin (malware.rules)
2007642 - ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs) (malware.rules)
2007664 - ET MALWARE AVSystemcare.com.com Fake Anti-Virus Product (malware.rules)
2007696 - ET MALWARE Softwarereferral.com Adware Checkin (malware.rules)
2007744 - ET MALWARE Guard-Center.com Fake AntiVirus Post-Install Checkin (malware.rules)
2007749 - ET MALWARE host-domain-lookup.com spyware related Checkin (malware.rules)
2007820 - ET MALWARE Rabio Spyware/Adware Initial Registration (malware.rules)
2007855 - ET MALWARE OneStepSearch Host Activity (malware.rules)
2007861 - ET MALWARE Softcashier.com Spyware Install Checkin (malware.rules)
2007870 - ET MALWARE Vombanetworks.com Spyware Installer Checkin (malware.rules)
2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability (exploit.rules)
2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - udp (exploit.rules)
2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - tcp (exploit.rules)
2007937 - ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (exploit.rules)
2007945 - ET MALWARE SysVenFak Fake AV Package Victim Checkin (victim.php) (malware.rules)
2007978 - ET MALWARE Direct-web.co.kr Related Spyware Checkin (malware.rules)
2007995 - ET MALWARE Vaccine-program.co.kr Related Spyware Checkin (malware.rules)
2007996 - ET MALWARE Sears.com/Kmart.com My SHC Community spyware download (malware.rules)
2008016 - ET MALWARE Servicepack.kr Fake Patch Software Checkin (malware.rules)
2008063 - ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit (exploit.rules)
2008067 - ET MALWARE Kwsearchguide.com Related Spyware Checkin (malware.rules)
2008069 - ET MALWARE Kwsearchguide.com Related Spyware Keepalive (malware.rules)
2008135 - ET MALWARE Soft-Show.cn Related Fake AV Install (malware.rules)
2008148 - ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull (malware.rules)
2008157 - ET MALWARE Sidelinker.com-Upspider.com Spyware Checkin (malware.rules)
2008158 - ET MALWARE Sidelinker.com-Upspider.com Spyware Count (malware.rules)
2008180 - ET MALWARE V-Clean.com Fake AV Checkin (malware.rules)
2008197 - ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin (malware.rules)
2008356 - ET MALWARE Seekmo.com Spyware Data Upload (malware.rules)
2008370 - ET MALWARE Shopcenter.co.kr Spyware Install Report (malware.rules)
2008375 - ET MALWARE Gooochi Related Spyware Ad pull (malware.rules)
2008419 - ET MALWARE Advert-network.com Related Spyware Updating (malware.rules)
2008425 - ET MALWARE Advert-network.com Related Spyware Checking for Updates (malware.rules)
2008426 - ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow (exploit.rules)
2008456 - ET MALWARE EMO/PCPrivacyCleaner Rougue Secuirty App GET Checkin (malware.rules)
2008474 - ET MALWARE Adware.Look2Me Activity (malware.rules)
2008476 - ET EXPLOIT Foofus.net Password dumping dll injection (exploit.rules)
2008776 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 (exploit.rules)
2008777 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 (exploit.rules)
2008915 - ET MALWARE MySideSearch.com Spyware Install (malware.rules)
2008917 - ET MALWARE Hotbar.com Related Spyware Install Report (malware.rules)
2008918 - ET MALWARE Hotbar.com Related Spyware Activity Report (malware.rules)
2009091 - ET MALWARE Adware/Spyware Trymedia.com EXE download (malware.rules)
2009234 - ET MALWARE Adware-Mirar Reporting (BAR) (malware.rules)
2009511 - ET EXPLOIT VLC web interface buffer overflow attempt (exploit.rules)
2009880 - ET MALWARE Casalemedia Spyware Reporting URL Visited 3 (malware.rules)
2010156 - ET GAMES Alien Arena 7.30 Remote Code Execution Attempt (games.rules)
2010438 - ET MALWARE Possible Malicious Applet Access (justexploit kit) (malware.rules)
2010486 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) (dos.rules)
2010487 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) (dos.rules)
2010491 - ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt (dos.rules)
2010546 - ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt (exploit.rules)
2010554 - ET DOS Netgear DG632 Web Management Denial Of Service Attempt (dos.rules)
2010674 - ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation Denial of Service Attempt (dos.rules)
2010755 - ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt (dos.rules)
2010759 - ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt (exploit.rules)
2010783 - ET EXPLOIT GsecDump executed (exploit.rules)
2010814 - ET ACTIVEX Possible AOL 9.5 BindToFile Heap Overflow Attempt (activex.rules)
2010877 - ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt (exploit.rules)
2010878 - ET EXPLOIT Possible Foxit PDF Reader Authentication Bypass Attempt (exploit.rules)
2010941 - ET EXPLOIT Possible Sendmail SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt (exploit.rules)
2011010 - ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt (activex.rules)
2011173 - ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt (activex.rules)
2011235 - ET EXPLOIT Possible Novell Groupwise Internet Agent CREATE Verb Stack Overflow Attempt (exploit.rules)
2011242 - ET EXPLOIT Possible VLC Media Player M3U File FTP URL Processing Stack Buffer Overflow Attempt (exploit.rules)
2011732 - ET DOS Possible VNC ClientCutText Message Denial of Service/Memory Corruption Attempt (dos.rules)
2011733 - ET GAMES TeamSpeak3 Connect (games.rules)
2011734 - ET GAMES TeamSpeak2 Connection/Login (games.rules)
2011735 - ET GAMES TeamSpeak2 Connection/Login Replay (games.rules)
2011736 - ET GAMES TeamSpeak2 Connection/Ping (games.rules)
2011737 - ET GAMES TeamSpeak2 Connection/Ping Reply (games.rules)
2011738 - ET GAMES TeamSpeak2 Standard/Login Part 2 (games.rules)
2011739 - ET GAMES TeamSpeak2 Standard/Channel List (games.rules)
2011740 - ET GAMES TeamSpeak2 Standard/Player List (games.rules)
2011741 - ET GAMES TeamSpeak2 Standard/Login End (games.rules)
2011742 - ET GAMES TeamSpeak2 Standard/New Player Joined (games.rules)
2011743 - ET GAMES TeamSpeak2 Standard/Player Left (games.rules)
2011744 - ET GAMES TeamSpeak2 Standard/Change Status (games.rules)
2011745 - ET GAMES TeamSpeak2 Standard/Known Player Update (games.rules)
2011746 - ET GAMES TeamSpeak2 Standard/Disconnect (games.rules)
2011747 - ET GAMES TeamSpeak2 ACK (games.rules)
2011748 - ET GAMES TrackMania Game Launch (games.rules)
2011749 - ET GAMES TrackMania Game Check for Patch (games.rules)
2011750 - ET GAMES TrackMania Request GetConnectionAndGameParams (games.rules)
2011751 - ET GAMES TrackMania Request OpenSession (games.rules)
2011752 - ET GAMES TrackMania Request Connect (games.rules)
2011753 - ET GAMES TrackMania Request Disconnect (games.rules)
2011754 - ET GAMES TrackMania Request GetOnlineProfile (games.rules)
2011755 - ET GAMES TrackMania Request GetBuddies (games.rules)
2011756 - ET GAMES TrackMania Request SearchNew (games.rules)
2011757 - ET GAMES TrackMania Request LiveUpdate (games.rules)
2011758 - ET GAMES TrackMania Ad Report (games.rules)
2011761 - ET DOS Possible MySQL ALTER DATABASE Denial Of Service Attempt (dos.rules)

[---]         Removed rules:         [---]

2007778 - ET TROJAN User-agent DownloadNetFile Win32.small.hsh downloader (trojan.rules)
2018174 - ET MALWARE RelevantKnowledge Adware CnC Beacon (malware.rules)

Date: Monday, October 30, 2017 - 00:00