Daily Ruleset Update Summary 2018/01/18

[***]            Summary:            [***]

16 new Open, 34 new Pro (16 + 18).  Malicious Chrome Extension, MSIL/Zyklon, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025206 - ET CURRENT_EVENTS Dropbox Phishing Landing 2018-01-18 (current_events.rules)
2025207 - ET CURRENT_EVENTS Chase Phishing Landing 2018-01-18 (current_events.rules)
2025208 - ET CURRENT_EVENTS Office 365 Phishing Landing 2018-01-18 (current_events.rules)
2025209 - ET TROJAN [PTsecurity] Adwind SSL Certificate Observed (trojan.rules)
2025210 - ET CURRENT_EVENTS Chase Phishing Landing 2018-01-18 (current_events.rules)
2025211 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-01-18 M1 (current_events.rules)
2025212 - ET CURRENT_EVENTS Bank of America Phishing Landing 2018-01-18 M2 (current_events.rules)
2025213 - ET CURRENT_EVENTS Possible Chase Phishing Landing - Title over non SSL (current_events.rules)
2025214 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-18 M1 (current_events.rules)
2025215 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-18 M2 (current_events.rules)
2025216 - ET CURRENT_EVENTS Malicious Chrome Extension Domain Request (change-request .info in DNS Lookup) (current_events.rules)
2025217 - ET CURRENT_EVENTS Malicious Chrome Extension Domain Request (nyoogle .info in DNS Lookup) (current_events.rules)
2025218 - ET CURRENT_EVENTS Malicious Chrome Extension Domain Request (stickies .pro in DNS Lookup) (current_events.rules)
2025219 - ET CURRENT_EVENTS Malicious Chrome Extension Domain Request (lite-bookmarks .info in DNS Lookup) (current_events.rules)
2025220 - ET TROJAN Malicious Chrome Extension Requesting Websocket (trojan.rules)
2025221 - ET TROJAN Malicious Chrome Extension Click Fraud Activity via Websocket (trojan.rules)

Pro:

2829334 - ETPRO TROJAN Ransomware/Zyklon Onion Domain (nguyavr7weofo5t4 in DNS Lookup) (trojan.rules)
2829335 - ETPRO TROJAN MSIL/Zyklon CnC M2 (trojan.rules)
2829336 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (mixtape .moe in DNS Lookup) (info.rules)
2829337 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (mixtape .moe in TLS SNI) (info.rules)
2829338 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin (mobile_malware.rules)
2829339 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 2 (mobile_malware.rules)
2829340 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 3 (mobile_malware.rules)
2829341 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-18 1) (trojan.rules)
2829342 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-18 2) (trojan.rules)
2829343 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-18 3) (trojan.rules)
2829344 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-18 4) (trojan.rules)
2829345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-18 5) (trojan.rules)
2829346 - ETPRO CURRENT_EVENTS Successful Chase Phish 2018-01-18 (current_events.rules)
2829347 - ETPRO EXPLOIT Master IP CAM 01 Hardcoded Password for Root Account (CVE-2018-5723) (exploit.rules)
2829348 - ETPRO EXPLOIT Master IP CAM 01 Unauthenticated Configuration Download and Upload (CVE-2018-5724) (exploit.rules)
2829349 - ETPRO EXPLOIT Master IP CAM 01 Unauthenticated Configuration Download and Upload (CVE-2018-5724) (exploit.rules)
2829350 - ETPRO EXPLOIT Master IP CAM 01 Unauthenticated Configuration Change (CVE-2018-5725) (exploit.rules)
2829351 - ETPRO TROJAN Win32/Downloader.Ursa.29157 CnC Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2820350 - ETPRO CURRENT_EVENTS Suspicious Redirect - Possible Phishing May 25 2016 (current_events.rules)
2826884 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 12 (mobile_malware.rules)

[---]         Disabled rules:        [---]

2001216 - ET MALWARE Twaintec Reporting Data (malware.rules)
2001540 - ET MALWARE Searchmiracle.com Spyware Install (v3cab) (malware.rules)
2009712 - ET MALWARE Adware PlusDream - GET Config Download/Update (malware.rules)
2011293 - ET MALWARE Suspicious User Agent (GabPath) (malware.rules)
2011297 - ET MALWARE User-Agent (KRMAK) Butterfly Bot download (malware.rules)
2011517 - ET MALWARE Inbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor) (malware.rules)
2011518 - ET MALWARE Outbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor) (malware.rules)
2011856 - ET MALWARE HTML.Psyme.Gen Reporting (malware.rules)
2011938 - ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.0 (malware.rules)
2011939 - ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.1 (malware.rules)
2012172 - ET MALWARE User-Agent (mrgud) (malware.rules)
2012615 - ET MALWARE Unknown Malware PUTLINK Command Message (malware.rules)
2012804 - ET MALWARE Possible Windows executable sent ASCII-hex-encoded (malware.rules)
2012866 - ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt (exploit.rules)
2013165 - ET EXPLOIT 2Wire Password Reset Vulnerability via GET (exploit.rules)
2013166 - ET EXPLOIT 2Wire Password Reset Vulnerability via POST (exploit.rules)
2013188 - ET EXPLOIT VSFTPD Backdoor User Login Smiley (exploit.rules)
2013288 - ET EXPLOIT HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow Attempt (exploit.rules)
2013389 - ET MALWARE Adware/CommonName Reporting (malware.rules)
2013405 - ET MALWARE W32/Baigoo User Agent (malware.rules)
2013448 - ET MALWARE SurfSideKick Activity (iinfo) (malware.rules)
2013658 - ET MALWARE Zugo Toolbar Spyware/Adware download request (malware.rules)
2013729 - ET MALWARE Adware/Helpexpress User Agent HXLogOnly (malware.rules)
2013918 - ET EXPLOIT Possible BSNL Router DNS Change Attempt (exploit.rules)
2013999 - ET MALWARE W32/Adware.Ibryte User-Agent (ic Windows NT 5.1 MSIE 6.0 Firefox/ Def) (malware.rules)
2014069 - ET MALWARE Win32-Adware.Hotclip.A Reporting (malware.rules)
2014117 - ET MALWARE Win32/SmartTab PUP Install Activity (malware.rules)
2014120 - ET MALWARE Win32/Eorezo-B Adware Checkin (malware.rules)
2014183 - ET MALWARE Malicious ad_track.php file Reporting (malware.rules)
2014383 - ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt (exploit.rules)
2014403 - ET MALWARE W32/PaPaPaEdge.Adware/Gambling Poker-Edge Checkin (malware.rules)
2014584 - ET MALWARE Win32/Pdfjsc.XD Related Checkin (microsoft_predator_client header field) (malware.rules)
2014605 - ET MALWARE W32/GameVance Adware Server Reponse To Client Checkin (malware.rules)
2014606 - ET MALWARE W32/GameVance User-Agent (aw v3) (malware.rules)
2014735 - ET MALWARE Malicious file bitdefender_isecurity.exe download (malware.rules)
2014798 - ET MALWARE PCMightyMax Agent PCMM.Installer (malware.rules)
2014810 - ET MALWARE Malicious pusk.exe download (malware.rules)
2015018 - ET MALWARE W32/OnlineGames User Agent loadMM (malware.rules)
2015513 - ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific config files upload (exploit.rules)
2015514 - ET EXPLOIT Potential RoaringBeast ProFTPd Exploit nsswitch.conf Upload (exploit.rules)
2015515 - ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific (CHMOD 777) (exploit.rules)
2015975 - ET EXPLOIT MySQL Stack based buffer overrun Exploit Specific (exploit.rules)
2015992 - ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific) (exploit.rules)
2800873 - ETPRO MALWARE Adware.Win32.FlvTube (auto search) (malware.rules)
2800928 - ETPRO IMAP Possible Novell GroupWise Internet Agent RRULE Parsing Buffer Overflow Attempt (imap.rules)
2800949 - ETPRO MALWARE RogueSoftware.Win32.Winwebsec Activity (malware.rules)
2801206 - ETPRO MALWARE Cloudweb Spyware Updating (malware.rules)
2801209 - ETPRO MALWARE Generic Trojan with ludilo UA (malware.rules)
2801247 - ETPRO MALWARE Zango Spyware Install Checkin (malware.rules)
2801273 - ETPRO MALWARE Gabpath.com Toolbar Tracker Update (malware.rules)
2801274 - ETPRO MALWARE Gabpath.com Toolbar Tracker Recover (malware.rules)
2801338 - ETPRO MALWARE RogueSoftware.Win32.McAVG2011 Checkin (malware.rules)
2801366 - ETPRO MALWARE Trojan.Win32.Biter.g Checkin (malware.rules)
2801396 - ETPRO MALWARE Hotbar Checkin and Report (malware.rules)
2801418 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 1 (malware.rules)
2801419 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 2 (malware.rules)
2801421 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 4 (malware.rules)
2801425 - ETPRO MALWARE Adware.Win32.OpenCandy Checkin 2 (malware.rules)
2801606 - ETPRO MALWARE Bonuscash/Comame Trojan Checkin (malware.rules)
2801607 - ETPRO MALWARE Generic Adware/Win32.Chowspy.A Checkin (malware.rules)
2802100 - ETPRO MALWARE Zango Toolbar User-Agent (BAR) (malware.rules)
2802109 - ETPRO EXPLOIT CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure (exploit.rules)
2802150 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (UTF-16 Little-Endian ) (exploit.rules)
2802151 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (UTF-16 Big-Endian) (exploit.rules)
2802164 - ETPRO EXPLOIT Embarcadero InterBase Connect Request Multiple Stack Buffer Overflows 1 (exploit.rules)
2802165 - ETPRO EXPLOIT Embarcadero InterBase Connect Request Multiple Stack Buffer Overflows 2 (exploit.rules)
2802166 - ETPRO EXPLOIT Embarcadero InterBase Connect Request Multiple Stack Buffer Overflows 3 (exploit.rules)
2802167 - ETPRO EXPLOIT Embarcadero InterBase Connect Request Multiple Stack Buffer Overflows 4 (exploit.rules)
2802168 - ETPRO EXPLOIT Embarcadero InterBase Connect Request Multiple Stack Buffer Overflows 5 (exploit.rules)
2802201 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Little-Endian) 3 (exploit.rules)
2802202 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Big-Endian) 4 (exploit.rules)
2802203 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Little-Endian) 5 (exploit.rules)
2802204 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Big-Endian) 6 (exploit.rules)
2802210 - ETPRO EXPLOIT Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow (exploit.rules)
2803023 - ETPRO MALWARE Gabpath.com Toolbar Checkin 2 (malware.rules)
2803211 - ETPRO MALWARE AdWare.Win32.AdMedia Checkin (malware.rules)
2803323 - ETPRO MALWARE GabPath Adware User-Agent (Minoral) (malware.rules)
2804321 - ETPRO MALWARE Adware DL.Fosniw!lhp5vDLfRus Checkin (malware.rules)
2804580 - ETPRO EXPLOIT HP Data Protector Client EXEC_CMD Command Execution (ASCII) on Linux (exploit.rules)
2804725 - ETPRO MALWARE Adware.GreenIO Checkin (malware.rules)
2805275 - ETPRO MALWARE Win32/Adware.Hebogo Checkin (malware.rules)

Date: Thursday, January 18, 2018 - 00:00