Daily Ruleset Update Summary 2017/04/28

[***]            Summary:            [***]

21 new Pro rules: Carbanak XOR Encoded Meterpreter, various phishing, various mobile malware.

[+++]          Added rules:          [+++]

Pro:

2826160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 1) (trojan.rules)
2826161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 2) (trojan.rules)
2826162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 3) (trojan.rules)
2826163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 4) (trojan.rules)
2826164 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 5) (trojan.rules)
2826165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 6) (trojan.rules)
2826166 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-04-28 7) (trojan.rules)
2826167 - ETPRO TROJAN Possible Carbanak XOR Encoded Meterpreter (metsrv.dll) (trojan.rules)
2826168 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 83 (mobile_malware.rules)
2826169 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . com) (trojan.rules)
2826170 - ETPRO TROJAN DNS Query to Cerber Domain (1nprob . top) (trojan.rules)
2826171 - ETPRO TROJAN DNS Query to Cerber Domain (1fygsg . top) (trojan.rules)
2826172 - ETPRO TROJAN DNS Query to Cerber Domain (1kyjw7 . top) (trojan.rules)
2826173 - ETPRO TROJAN DNS Query to Cerber Domain (1mwvgh . top) (trojan.rules)
2826176 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy CnC Beacon (mobile_malware.rules)
2826177 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy Contact Exfil (mobile_malware.rules)
2826178 - ETPRO TROJAN Cobalt Strike Malleable C2 Amazon Profile (trojan.rules)
2826179 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Apr 28 2017 (current_events.rules)
2826180 - ETPRO CURRENT_EVENTS Successful DHL Phish Apr 28 2017 (current_events.rules)
2826181 - ETPRO CURRENT_EVENTS Successful UK Gov Tax Refund Phish Apr 28 2017 (current_events.rules)
2826182 - ETPRO CURRENT_EVENTS Successful Verified by VISA Phish Apr 28 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure vulnerability (web_server.rules)
2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure vulnerability (web_server.rules)
2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure vulnerability (web_server.rules)
2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure vulnerability (web_server.rules)
2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure vulnerability (web_server.rules)
2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability (web_server.rules)
2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure vulnerability (web_server.rules)
2012312 - ET TROJAN Generic Trojan with /? and Indy Library User-Agent (trojan.rules)
2014934 - ET CURRENT_EVENTS FoxxySoftware - Landing Page (current_events.rules)
2024173 - ET TROJAN Red Leaves magic packet detected (APT10 implant) (trojan.rules)
2024174 - ET TROJAN Red Leaves magic packet response detected (APT10 implant) (trojan.rules)

[---]         Disabled rules:        [---]

2800006 - ETPRO EXPLOIT CVS Argumentx Command Double Free Vulnerability (exploit.rules)
2800028 - ETPRO EXPLOIT MySQL CREATE FUNCTION libc Arbitrary Code Execution (exploit.rules)
2800035 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Universal Agent Buffer Overflow (exploit.rules)
2800037 - ETPRO EXPLOIT CVS Annotate Command Long Revision String Buffer Overflow (exploit.rules)
2800041 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 1 (netbios.rules)
2800042 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 2 (netbios.rules)
2800043 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 3 (netbios.rules)
2800044 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 4 (netbios.rules)
2800045 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 5 (netbios.rules)
2800046 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 6 (netbios.rules)
2800047 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 7 (netbios.rules)
2800048 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 8 (netbios.rules)
2800049 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 9 (netbios.rules)
2800050 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 10 (netbios.rules)
2800051 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow 11 (netbios.rules)
2800054 - ETPRO EXPLOIT Novell ZENworks Remote Management Buffer Overflow (exploit.rules)
2800059 - ETPRO EXPLOIT Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow (exploit.rules)
2800060 - ETPRO EXPLOIT Veritas Backup Exec Server Remote Registry Access (exploit.rules)
2800061 - ETPRO EXPLOIT Veritas Backup Exec Server Remote Registry Access (exploit.rules)
2800067 - ETPRO EXPLOIT CA Multiple Products Console Server Login Credentials Handling Buffer Overflow 1 (exploit.rules)
2800068 - ETPRO EXPLOIT CA Multiple Products Console Server Login Credentials Handling Buffer Overflow 2 (exploit.rules)
2800069 - ETPRO EXPLOIT CA Multiple Products Console Server Login Credentials Handling Buffer Overflow 3 (exploit.rules)
2800070 - ETPRO EXPLOIT CA Multiple Products Console Server Login Credentials Handling Buffer Overflow 4 (exploit.rules)
2800072 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service 1 (dos.rules)
2800073 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service 2 (dos.rules)
2800104 - ETPRO IMAP Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow (imap.rules)
2800125 - ETPRO EXPLOIT Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig Buffer Overflow 1 (exploit.rules)
2800126 - ETPRO EXPLOIT Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig Buffer Overflow (exploit.rules)
2800127 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 1 (exploit.rules)
2800128 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 2 (exploit.rules)
2800129 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 3 (exploit.rules)
2800130 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 4 (exploit.rules)
2800131 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 5 (exploit.rules)
2800132 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer Overflows 6 (exploit.rules)
2800133 - ETPRO EXPLOIT Trend Micro ServerProtect RPC RPCFN_CMON_SetSvcImpersonateUser Buffer Overflow (exploit.rules)
2800134 - ETPRO EXPLOIT Trend Micro ServerProtect RPC RPCFN_CMON_SetSvcImpersonateUser Buffer Overflow 2 (exploit.rules)
2800135 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer Overflows 1 (exploit.rules)
2800136 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer Overflows 2 (exploit.rules)
2800137 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer Overflows 3 (exploit.rules)
2800138 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer Overflows 4 (exploit.rules)
2800139 - ETPRO EXPLOIT Trend Micro ServerProtect EarthAgent RPC RPCFN_CopyAUSrc Buffer Overflow 1 (exploit.rules)
2800140 - ETPRO EXPLOIT Trend Micro ServerProtect EarthAgent RPC RPCFN_CopyAUSrc Buffer Overflow 2 (exploit.rules)
2800142 - ETPRO EXPLOIT Motorola Timbuktu Crafted Login Request Buffer Overflow 1 (exploit.rules)
2800143 - ETPRO EXPLOIT Motorola Timbuktu Crafted Login Request Buffer Overflow 2 (exploit.rules)
2800149 - ETPRO EXPLOIT Trend Micro ServerProtect TMregChange Stack Overflow (exploit.rules)
2800154 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 1 (exploit.rules)
2800155 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 2 (exploit.rules)
2800156 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 3 (exploit.rules)
2800157 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 4 (exploit.rules)
2800158 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 5 (exploit.rules)
2800159 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 6 (exploit.rules)
2800160 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 7 (exploit.rules)
2800161 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 8 (exploit.rules)
2800162 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 9 (exploit.rules)
2800163 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows 10 (exploit.rules)
2800164 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer Authentication Password Buffer Overflow (exploit.rules)
2800165 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer Authentication Password Buffer Overflow (exploit.rules)
2800166 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer Authentication Username Overflow (exploit.rules)
2800167 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer Arbitrary File Upload (exploit.rules)
2800168 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 1 (exploit.rules)
2800169 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 2 (exploit.rules)
2800170 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 3 (exploit.rules)
2800171 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack Overflow 4 (exploit.rules)
2800172 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 1 (exploit.rules)
2800173 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 2 (exploit.rules)
2800174 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 3 (exploit.rules)
2800175 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 4 (exploit.rules)
2800176 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 5 (exploit.rules)
2800177 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 6 (exploit.rules)
2800178 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 7 (exploit.rules)
2800179 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 8 (exploit.rules)
2800180 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 9 (exploit.rules)
2800181 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow 10 (exploit.rules)
2800182 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure 1 (exploit.rules)
2800183 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure 2 (exploit.rules)
2800234 - ETPRO EXPLOIT HP OpenView Network Node Manager CGI Application Buffer Overflow (exploit.rules)
2800236 - ETPRO NETBIOS Samba Domain Controller Service Crafted Mailslot Name Buffer Overflow (netbios.rules)
2800244 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind Little (netbios.rules)
2800245 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 1 (netbios.rules)
2800246 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 2 (netbios.rules)
2800247 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 3 (netbios.rules)
2800281 - ETPRO EXPLOIT Citrix Systems Multiple Products IMA Service Buffer Overflow (exploit.rules)
2800282 - ETPRO EXPLOIT Nullsoft Winamp Ultravox Streaming Metadata Parsing Stack Buffer Overflow 1 (exploit.rules)
2800283 - ETPRO EXPLOIT Nullsoft Winamp Ultravox Streaming Metadata Parsing Stack Buffer Overflow 2 (exploit.rules)
2800284 - ETPRO EXPLOIT Firebird Database Server Username Handling Buffer Overflow (exploit.rules)
2800295 - ETPRO EXPLOIT Symantec VERITAS Storage Foundation Administrator Service Buffer Overflow (exploit.rules)
2800313 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability 1 (exploit.rules)
2800314 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability 2 (exploit.rules)
2800315 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability 3 (exploit.rules)
2800316 - ETPRO IMAP Alt-N MDaemon IMAP Server FETCH Command Buffer Overflow (imap.rules)
2800325 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String Buffer Overflow 1 (exploit.rules)
2800326 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String Buffer Overflow 2 (exploit.rules)
2800327 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String Buffer Overflow 3 (exploit.rules)
2800343 - ETPRO EXPLOIT Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass (exploit.rules)
2800356 - ETPRO EXPLOIT Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow (exploit.rules)
2800357 - ETPRO EXPLOIT IBM DB2 Universal Database XML Query Buffer Overflow (exploit.rules)
2800379 - ETPRO EXPLOIT Sun Solstice AdminSuite sadmind service adm_build_path Buffer Overflow high ports (exploit.rules)
2800382 - ETPRO EXPLOIT Trend Micro OfficeScan Multiple CGI Modules HTTP Form Processing Buffer Overflow (exploit.rules)
2800394 - ETPRO EXPLOIT Apple CUPS PNG Filter Overly Large Image Height Integer Overflow 1 (exploit.rules)
2800395 - ETPRO EXPLOIT Apple CUPS PNG Filter Overly Large Image Height Integer Overflow 2 (exploit.rules)
2800396 - ETPRO CHAT Cerulean Studios Trillian Image Filename XML Tag Stack Buffer Overflow (chat.rules)
2800397 - ETPRO CHAT Cerulean Studios Trillian AIM XML Tag Handling Heap Buffer Overflow (chat.rules)
2800412 - ETPRO EXPLOIT Oracle Secure Backup NDMP Packet Handling Multiple Memory Corruption 1 (exploit.rules)
2800413 - ETPRO EXPLOIT Oracle Secure Backup NDMP Packet Handling Multiple Memory Corruption 2 (exploit.rules)
2800415 - ETPRO ACTIVEX AXIS Communications Camera Control image_pan_tilt Buffer Overflow 2 (activex.rules)
2800420 - ETPRO EXPLOIT UltraVNC VNCViewer Authenticate Buffer Overflow 1 (exploit.rules)
2800421 - ETPRO EXPLOIT UltraVNC VNCViewer Authenticate Buffer Overflow 2 (exploit.rules)
2800423 - ETPRO EXPLOIT HP OpenView Network Node Manager ovlaunch HTTP Request Buffer Overflow (exploit.rules)
2800425 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web Loader ActiveX Control Buffer Overflow 2 (activex.rules)
2800426 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web Loader ActiveX Control Buffer Overflow 3 (activex.rules)
2800427 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web Loader ActiveX Control Buffer Overflow 5 (activex.rules)
2800433 - ETPRO EXPLOIT IBM Tivoli Storage Manager Express Backup Heap Corruption 1 (exploit.rules)
2800434 - ETPRO EXPLOIT IBM Tivoli Storage Manager Express Backup Heap Corruption 2 (exploit.rules)
2800437 - ETPRO EXPLOIT IBM Director CIM Server Consumer Name Handling Denial of Service 1 (exploit.rules)
2800438 - ETPRO EXPLOIT IBM Director CIM Server Consumer Name Handling Denial of Service 2 (exploit.rules)
2800439 - ETPRO EXPLOIT HP OpenView Network Node Manager OvAcceptLang Parameter Buffer Overflow (exploit.rules)
2800440 - ETPRO EXPLOIT HP OpenView Network Node Manager OvOSLocale Parameter Buffer Overflow (exploit.rules)
2800444 - ETPRO DOS IBM DB2 Database Server CONNECT Request Denial of Service (dos.rules)
2800445 - ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit) (dos.rules)
2800455 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 1 (exploit.rules)
2800456 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 2 (exploit.rules)
2800457 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 3 (exploit.rules)
2800458 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 4 (exploit.rules)
2800459 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 5 (exploit.rules)
2800460 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv Integer Overflow 6 (exploit.rules)
2800465 - ETPRO EXPLOIT IBM Tivoli Storage Manager Client dsmagent.exe NodeName Buffer Overflow 1 (exploit.rules)
2800466 - ETPRO EXPLOIT IBM Tivoli Storage Manager Client dsmagent.exe NodeName Buffer Overflow 2 (exploit.rules)
2800467 - ETPRO EXPLOIT IBM Tivoli Storage Manager Agent Client Generic String Handling Buffer Overflow (exploit.rules)
2800486 - ETPRO EXPLOIT Unisys Business Information Server Stack Buffer Overflow (exploit.rules)
2800487 - ETPRO EXPLOIT HP OpenView Network Node Manager rping Stack Buffer Overflow 1 (exploit.rules)
2800488 - ETPRO EXPLOIT HP OpenView Network Node Manager rping Stack Buffer Overflow 2 (exploit.rules)
2800491 - ETPRO DOS Firebird SQL op_connect_request Denial of Service (dos.rules)
2800496 - ETPRO ACTIVEX Microsoft Windows DHTML Editing Component ActiveX Control Code Execution (activex.rules)
2800497 - ETPRO ACTIVEX Microsoft Windows DHTML Editing Component ActiveX Control Code Execution (activex.rules)
2800499 - ETPRO DOS FreeRADIUS RADIUS Server rad_decode Remote Denial of Service (dos.rules)

Date: Friday, April 28, 2017 - 00:00