Daily Ruleset Update Summary 2017/04/21

[***]            Summary:            [***]

6 new Open, 23 new Pro (6 + 17). Bluecoat CAS, Unknown RIG Drop, Various Phishing, Various Mobile

Thanks: rmkml, eSentire, @illegalFawn

[+++]          Added rules:          [+++]

Open:

2003055 - ET POLICY Suspicious FTP 220 Banner on Local Port (-) (policy.rules)
2024231 - ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017 (current_events.rules)
2024232 - ET CURRENT_EVENTS Successful Alitalia Airline Phish Apr 20 2017 (current_events.rules)
2024233 - ET TROJAN Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon (trojan.rules)
2024234 - ET EXPLOIT BlueCoat CAS v1.3.7.1 Report Email Command Injection attempt (exploit.rules)
2024235 - ET INFO DNS Query to Free Hosting Domain (freevnn . com) (info.rules)

Pro:

2826066 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
2826067 - ETPRO MALWARE Win32/MyCleanPC.A PUP Checkin (malware.rules)
2826068 - ETPRO MALWARE Win32/PUP User-Agent (USTechsupportStub) (malware.rules)
2826069 - ETPRO TROJAN Ipdlacsing Checkin (trojan.rules)
2826070 - ETPRO TROJAN Unknown Downloader Dropped by CVE-2017-0199 (trojan.rules)
2826071 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SmsPay.ek CnC Beacon (mobile_malware.rules)
2826072 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.C Checkin 2 (mobile_malware.rules)
2826073 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2826074 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2826075 - ETPRO TROJAN Zloader Domain in SNI (trojan.rules)
2826076 - ETPRO TROJAN DNS Query to Cerber Domain (1m3xsy . top) (trojan.rules)
2826077 - ETPRO TROJAN DNS Query to Cerber Domain (12bxp9 . top) (trojan.rules)
2826078 - ETPRO TROJAN DNS Query to Cerber Domain (1jpb8w . top) (trojan.rules)
2826079 - ETPRO TROJAN DNS Query to Cerber Domain (19hj4f . top) (trojan.rules)
2826080 - ETPRO CURRENT_EVENTS Successful TD Bank Phish M1 Apr 21 2017 (current_events.rules)
2826081 - ETPRO CURRENT_EVENTS Successful TD Bank Phish M2 Apr 21 2017 (current_events.rules)
2826082 - ETPRO TROJAN Unknown Backdoor Checkin (trojan.rules)

[+++]  Enabled and modified rules:   [+++]

2003466 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner (web_server.rules)
2003479 - ET POLICY Radmin Remote Control Session Setup Initiate (policy.rules)
2003481 - ET POLICY Radmin Remote Control Session Authentication Initiate (policy.rules)
2003482 - ET POLICY Radmin Remote Control Session Authentication Response (policy.rules)
2003869 - ET SCAN ProxyReconBot CONNECT method to Mail (scan.rules)

[///]     Modified active rules:     [///]

2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2024224 - ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request (web_client.rules)
2809063 - ETPRO MOBILE_MALWARE DroidKungFu Checkin 5 (mobile_malware.rules)

[///]    Modified inactive rules:    [///]

2003870 - ET SCAN ProxyReconBot POST method to Mail (scan.rules)

[---]  Disabled and modified rules:  [---]

2003340 - ET MALWARE Baidu.com Spyware Bar Reporting (malware.rules)
2003341 - ET MALWARE Baidu.com Spyware Bar Pulling Content (malware.rules)
2003578 - ET MALWARE Baidu.com Spyware Bar Pulling Data (malware.rules)
2003604 - ET POLICY Baidu.com Agent User-Agent (Desktop Web System) (policy.rules)
2003608 - ET POLICY Baidu.com Related Agent User-Agent (iexp) (policy.rules)

[---]         Disabled rules:        [---]

2000335 - ET P2P Overnet (Edonkey) Server Announce (p2p.rules)
2001296 - ET P2P eDonkey File Status (p2p.rules)
2001297 - ET P2P eDonkey File Status Request (p2p.rules)
2001299 - ET P2P eDonkey Server Status (p2p.rules)
2003196 - ET EXPLOIT FTP .message file write (exploit.rules)
2003197 - ET EXPLOIT ProFTPD .message file overflow attempt (exploit.rules)
2008826 - ET WEB_SPECIFIC_APPS Way Of The Warrior crea.php plancia Remote File Inclusion (web_specific_apps.rules)
2008871 - ET WEB_SPECIFIC_APPS phpFan init.php Remote File Inclusion (web_specific_apps.rules)
2008879 - ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR parameter Remote File Inclusion (web_specific_apps.rules)
2008899 - ET WEB_SPECIFIC_APPS Pie RSS module lib parameter remote file inclusion (web_specific_apps.rules)
2008900 - ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
2008901 - ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
2008902 - ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
2008903 - ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
2008904 - ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
2008922 - ET WEB_SPECIFIC_APPS Nitrotech common.php root Parameter Remote File Inclusion (web_specific_apps.rules)
2008935 - ET WEB_SPECIFIC_APPS Werner Hilversum FAQ Manager header.php config_path parameter Remote File Inclusion (web_specific_apps.rules)
2008962 - ET WEB_SPECIFIC_APPS PHPmyGallery confdir parameter Remote File Inclusion (web_specific_apps.rules)
2008964 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
2008965 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
2008966 - ET WEB_SPECIFIC_APPS ccTiddly index.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
2008967 - ET WEB_SPECIFIC_APPS ccTiddly proxy.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
2008968 - ET WEB_SPECIFIC_APPS ccTiddly header.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
2008969 - ET WEB_SPECIFIC_APPS ccTiddly include.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
2008970 - ET WEB_SPECIFIC_APPS ccTiddly workspace.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
2008996 - ET WEB_SPECIFIC_APPS Simple Text-File Login script slogin_path parameter remote file inclusion (web_specific_apps.rules)
2009018 - ET WEB_SPECIFIC_APPS Text Lines Rearrange Script filename parameter File Disclosure (web_specific_apps.rules)
2009059 - ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
2009060 - ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
2009061 - ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
2009062 - ET WEB_SPECIFIC_APPS Recly Feederator tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
2009086 - ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter remote file inclusion (web_specific_apps.rules)
2009088 - ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter remote file inclusion (web_specific_apps.rules)
2009101 - ET WEB_SPECIFIC_APPS REALTOR define.php Remote File Inclusion (web_specific_apps.rules)
2009123 - ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP Parameter Remote File Inclusion (web_specific_apps.rules)
2009141 - ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009142 - ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009163 - ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote File Inclusion (web_specific_apps.rules)
2009164 - ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath parameter Remote File Inclusion (web_specific_apps.rules)
2009165 - ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir parameter Remote File Inclusion (web_specific_apps.rules)
2009166 - ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php sections_file parameter remote file inclusion (web_specific_apps.rules)
2009167 - ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion (web_specific_apps.rules)
2009179 - ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Remote File Inclusion (web_specific_apps.rules)
2009180 - ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Remote File Inclusion (web_specific_apps.rules)
2009188 - ET WEB_SPECIFIC_APPS gapicms toolbar.php dirDepth Parameter Remote File Inclusion (web_specific_apps.rules)
2009190 - ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Remote File Inclusion (web_specific_apps.rules)
2009196 - ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Remote File inclusion (web_specific_apps.rules)
2009225 - ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter remote file inclusion (web_specific_apps.rules)
2009307 - ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009309 - ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009311 - ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009313 - ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009321 - ET WEB_SPECIFIC_APPS rgboard footer.php _path parameter remote file inclusion (web_specific_apps.rules)
2009333 - ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter Remote file inclusion (web_specific_apps.rules)
2009354 - ET TROJAN Bredolab Downloader Communicating With Controller (2) (trojan.rules)
2009360 - ET TROJAN Bredolab Check In (trojan.rules)
2009364 - ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion (web_specific_apps.rules)
2009367 - ET WEB_SPECIFIC_APPS cmsWorks lib.module.php mod_root Parameter Remote File Inclusion (web_specific_apps.rules)
2009370 - ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File Inclusion (web_specific_apps.rules)
2009371 - ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File Inclusion (web_specific_apps.rules)
2009372 - ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File Inclusion (web_specific_apps.rules)
2009378 - ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
2009379 - ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
2009381 - ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion (web_specific_apps.rules)
2009382 - ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion (web_specific_apps.rules)
2009386 - ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion (web_specific_apps.rules)
2009388 - ET TROJAN Bredolab Downloader Response Binaries from Controller (trojan.rules)
2009397 - ET WEB_SPECIFIC_APPS phpProfiles body_comm.inc.php content parameter remote file inclusion (web_specific_apps.rules)
2009398 - ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter Remote File Inclusion (web_specific_apps.rules)
2009415 - ET WEB_SPECIFIC_APPS PhpBlock basicfogfactory.class.php PATH_TO_CODE Parameter Remote File Inclusion (web_specific_apps.rules)
2009416 - ET WEB_SPECIFIC_APPS txtSQL startup.php CFG Parameter Remote File Inclusion (web_specific_apps.rules)
2009427 - ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location Parameter Remote File Inclusion (web_specific_apps.rules)
2009435 - ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Remote File Inclusion (web_specific_apps.rules)
2009459 - ET WEB_SPECIFIC_APPS Orlando CMS classes init.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
2009460 - ET WEB_SPECIFIC_APPS Orlando CMS newscat.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
2009466 - ET WEB_SPECIFIC_APPS Recly Competitions Component add.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
2009467 - ET WEB_SPECIFIC_APPS Recly Competitions Component competitions.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
2009468 - ET WEB_SPECIFIC_APPS Recly Competitions Component settings.php mosConfig_absolute_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009484 - ET WEB_SERVER Cpanel lastvisit.html Arbitary file disclosure (web_server.rules)
2009501 - ET WEB_SPECIFIC_APPS nweb2fax viewrq.php var_filename Parameter Directory Traversal (web_specific_apps.rules)
2009502 - ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Remote File Inclusion (web_specific_apps.rules)
2009504 - ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Remote File Inclusion (web_specific_apps.rules)
2009506 - ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion (web_specific_apps.rules)
2009587 - ET WEB_SPECIFIC_APPS Virtualmin left.cgi XSS attempt (web_specific_apps.rules)
2009588 - ET WEB_SPECIFIC_APPS Virtualmin link.cgi XSS attempt (web_specific_apps.rules)
2009589 - ET WEB_SPECIFIC_APPS Virtualmin Anonymous Proxy attempt (web_specific_apps.rules)
2009590 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb edituser.php XSS attempt (web_specific_apps.rules)
2009591 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb console.php XSS attempt (web_specific_apps.rules)
2009592 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcesd.php XSS attempt (web_specific_apps.rules)
2009593 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcerestart.php XSS attempt (web_specific_apps.rules)
2009594 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb changepw.php CSRF attempt (web_specific_apps.rules)
2009595 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb hardstopvm.php CSRF attempt (web_specific_apps.rules)
2009596 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb writeconfig.php Remote Command Execution attempt (web_specific_apps.rules)
2009653 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_css Parameter Remote File Inclusion (web_specific_apps.rules)
2009654 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_javascript Parameter Remote File Inclusion (web_specific_apps.rules)
2009656 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_content Parameter Remote File Inclusion (web_specific_apps.rules)
2009663 - ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Remote File Inclusion (web_specific_apps.rules)
2009693 - ET WEB_SPECIFIC_APPS Zen Cart Remote Code Execution (web_specific_apps.rules)
2009717 - ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion (web_specific_apps.rules)
2009723 - ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009733 - ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module Parameter Remote File Inclusion (web_specific_apps.rules)
2009736 - ET WEB_SPECIFIC_APPS ProjectCMS select_image.php dir Parameter Directory Traversal (web_specific_apps.rules)
2009737 - ET WEB_SPECIFIC_APPS ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete (web_specific_apps.rules)
2009754 - ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
2009755 - ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 (web_specific_apps.rules)
2009756 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2 (web_specific_apps.rules)
2009757 - ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
2009758 - ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
2009759 - ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1 (web_specific_apps.rules)
2009760 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2 (web_specific_apps.rules)
2009788 - ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter Remote File Inclusion (web_specific_apps.rules)
2009793 - ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file Parameter Remote File Inclusion (web_specific_apps.rules)
2009846 - ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion (web_specific_apps.rules)
2009848 - ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion (web_specific_apps.rules)
2009871 - ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009872 - ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009873 - ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
2009874 - ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
2009877 - ET WEB_SPECIFIC_APPS VirtueMart Google Base Component admin.googlebase.php Remote File Inclusion (web_specific_apps.rules)
2009898 - ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder Parameter Remote File Inclusion (web_specific_apps.rules)
2009903 - ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion (web_specific_apps.rules)
2009925 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Remote File Inclusion (web_specific_apps.rules)
2009927 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Remote File Inclusion (web_specific_apps.rules)
2010027 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion (web_specific_apps.rules)
2010072 - ET TROJAN Bredolab Infection - Windows Key (trojan.rules)
2010092 - ET WEB_SPECIFIC_APPS Webradev Download Protect EmailTemplates.class.php Remote File Inclusion (web_specific_apps.rules)
2010093 - ET WEB_SPECIFIC_APPS Webradev Download Protect PDPEmailReplaceConstants.class.php Remote File Inclusion (web_specific_apps.rules)
2010094 - ET WEB_SPECIFIC_APPS Webradev Download Protect ResellersManager.class.php Remote File Inclusion (web_specific_apps.rules)
2010095 - ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion (web_specific_apps.rules)
2010096 - ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote File Inclusion (web_specific_apps.rules)
2010099 - ET WEB_SPECIFIC_APPS News Manager ch_readalso.php read_xml_include Parameter Remote File Inclusion (web_specific_apps.rules)
2010126 - ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Remote File Inclusion (web_specific_apps.rules)
2010191 - ET WEB_SPECIFIC_APPS justVisual contact.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
2010192 - ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
2010193 - ET WEB_SPECIFIC_APPS justVisual utilities.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
2010252 - ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle_config_api Parameter Remote File Inclusion (web_specific_apps.rules)
2010359 - ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2010360 - ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
2010361 - ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)

[---]         Removed rules:         [---]

2003055 - ET MALWARE Suspicious FTP 220 Banner on Local Port (-) (malware.rules)
 

Date: 
Friday, April 21, 2017 - 00:00