Daily Ruleset Update Summary 2017/12/06

[***]            Summary:            [***]

20 new Open, 26 new Pro (20 + 6). Various INFO File Downloads, Various Mobile, Various Phishing.

Thanks: @AttackDetection

[+++]          Added rules:          [+++]

Open:

2025122 - ET INFO MIPSEL File Download Request from IP Address (info.rules)
2025123 - ET INFO MIPS File Download Request from IP Address (info.rules)
2025124 - ET INFO ARM File Download Request from IP Address (info.rules)
2025125 - ET INFO ARM7 File Download Request from IP Address (info.rules)
2025126 - ET INFO x86 File Download Request from IP Address (info.rules)
2025127 - ET INFO m68k File Download Request from IP Address (info.rules)
2025128 - ET INFO SPARC File Download Request from IP Address (info.rules)
2025129 - ET INFO POWERPC File Download Request from IP Address (info.rules)
2025130 - ET INFO X86_64 File Download Request from IP Address (info.rules)
2025131 - ET INFO SUPERH File Download Request from IP Address (info.rules)
2025132 - ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 (exploit.rules)
2025133 - ET POLICY possible OnePlus phone data leakage DNS (policy.rules)
2025134 - ET POLICY OnePlus phone data leakage (policy.rules)
2025135 - ET TROJAN [PTsecurity] Botnet Nitol.B Checkin (trojan.rules)
2025136 - ET TROJAN njRAT/Bladabindi Variant (Lime) CnC Checkin (trojan.rules)
2025137 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (current_events.rules)
2025138 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in DNS Lookup) (policy.rules)
2025139 - ET POLICY localtunnel Reverse Proxy Domain (localtunnel .me in TLS SNI) (policy.rules)
2025140 - ET CURRENT_EVENTS Possible MyEtherWallet Phishing Landing - Title over non SSL (current_events.rules)

Pro:

2828803 - ETPRO TROJAN StorageCrypt Downloading SambaCry (trojan.rules)
2828804 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish 2017-12-06 M1 (current_events.rules)
2828805 - ETPRO CURRENT_EVENTS Successful Banque Postale (FR) Phish 2017-12-06 M2 (current_events.rules)
2828806 - ETPRO CURRENT_EVENTS Successful Generic Multi Email Account Phish 2017-12-06 (current_events.rules)
2828807 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2017-12-06 (current_events.rules)
2828808 - ETPRO TROJAN Observed Malicious IP Check (W32/MewsSpy) (trojan.rules)

[///]     Modified active rules:     [///]

2025120 - ET TROJAN Possible Sharik/Smoke Loader Microsoft Connectivity check (trojan.rules)
2820991 - ETPRO TROJAN Win32/TrojanDownloader.Agent.CIV Initial CnC Checkin (trojan.rules)
2822712 - ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish Oct 18 2016 (current_events.rules)
2825562 - ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (ll) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2820385 - ETPRO TROJAN APT.Fimlis CnC Beacon (trojan.rules)

Date: Wednesday, December 6, 2017 - 00:00