Daily Ruleset Update Summary 2017/05/02

[***]            Summary:            [***]

12 new Pro. AutoIT RMS Dropper, Various Mobile.

[+++]          Added rules:          [+++]

2826203 - ETPRO TROJAN Trojan/AutoIT RMS Dropper Checkin (trojan.rules)
2826204 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Hellospy.a CnC Beacon (mobile_malware.rules)
2826205 - ETPRO TROJAN Possible Linux.Shishiga HTTP Fake 404 Response (trojan.rules)
2826206 - ETPRO TROJAN Unknown Stealer Checkin (trojan.rules)
2826207 - ETPRO TROJAN SMSDocu SSL Cert (trojan.rules)
2826208 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon 2 (mobile_malware.rules)
2826209 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP (mobile_malware.rules)
2826210 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Reporting via SMTP (mobile_malware.rules)
2826211 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP (mobile_malware.rules)
2826212 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 (mobile_malware.rules)
2826213 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP (mobile_malware.rules)
2826214 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es Reporting via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2018321 - ET TROJAN Saker UA (trojan.rules)
2022506 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound (exploit.rules)
2022515 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2 (exploit.rules)
2022516 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 3 (exploit.rules)

[---]         Disabled rules:        [---]

2800030 - ETPRO TELNET Multiple Vendor Telnet Client LINEMODE Buffer Overflow (telnet.rules)
2800031 - ETPRO TELNET Multiple Vendor Telnet Client env_opt_add Buffer Overflow (telnet.rules)
2800040 - ETPRO WEB_SPECIFIC_APPS MailEnable HTTP Authorization Header Buffer Overflow (web_specific_apps.rules)
2800055 - ETPRO SMTP Ipswitch IMail IMAP LOGIN Command Buffer Overflow (smtp.rules)
2800056 - ETPRO SMTP MailEnable SMTP Authentication Buffer Overflow (smtp.rules)
2800058 - ETPRO TELNET Microsoft Telnet Client Information Disclosure (telnet.rules)
2800062 - ETPRO SMTP Microsoft Exchange Server iCal Properties Handling Denial of Service (smtp.rules)
2800074 - ETPRO WEB_CLIENT Microsoft Visio Version Number Handling Code Execution Vulnerability (web_client.rules)
2800091 - ETPRO RPC MIT Kerberos kadmind RPC Library Uninitialized Pointer Code Execution (rpc.rules)
2800115 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
2800116 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
2800145 - ETPRO RPC MIT Kerberos kadmind RPC Library RPCSEC_GSS Authentication Buffer Overflow (rpc.rules)
2800146 - ETPRO WEB_CLIENT Microsoft Visual Basic 6.0 VBP Project File request (vbp) (web_client.rules)
2800147 - ETPRO WEB_CLIENT Microsoft Visual Basic 6.0 VBP Project File Handling Buffer Overflow Attempt (web_client.rules)
2800150 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Download HTTP (web_client.rules)
2800151 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution (web_client.rules)
2800192 - ETPRO WEB_CLIENT RealNetworks RealPlayer MP3 Files Processing Buffer Overflow (web_client.rules)
2800193 - ETPRO WEB_CLIENT RealPlayer RA file processing overflow attempt (web_client.rules)
2800194 - ETPRO WEB_CLIENT RealPlayer RealMedia file format heap corruption attempt (web_client.rules)
2800195 - ETPRO SQL Oracle Database SYS.LT.FINDRICSET SQL Injection (sql.rules)
2800196 - ETPRO WEB_CLIENT Apple QuickTime mov Download (web_client.rules)
2800197 - ETPRO WEB_CLIENT Apple QuickTime moov Download (web_client.rules)
2800198 - ETPRO WEB_CLIENT Apple QuickTime STSD Atoms Handling Heap Overflow (web_client.rules)
2800207 - ETPRO WEB_CLIENT Apple QuickTime qt Download (web_client.rules)
2800208 - ETPRO WEB_CLIENT Apple QuickTime Panorama Sample Atoms Movie File Handling Buffer Overflow (web_client.rules)
2800209 - ETPRO SQL Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow (sql.rules)
2800210 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 1 (web_client.rules)
2800211 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 2 (web_client.rules)
2800212 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 3 (web_client.rules)
2800213 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 4 (web_client.rules)
2800214 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 5 (web_client.rules)
2800215 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 6 (web_client.rules)
2800222 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 1 (web_client.rules)
2800223 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 2 (web_client.rules)
2800224 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 3 (web_client.rules)
2800226 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 1 (web_client.rules)
2800227 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 2 (web_client.rules)
2800228 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 3 (web_client.rules)
2800229 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 4 (web_client.rules)
2800232 - ETPRO WEB_CLIENT ACD Systems ACDSee Products XPM Values Section Buffer Overflow (web_client.rules)
2800233 - ETPRO WEB_CLIENT ACD Systems ACDSee Products XPM Values Section Buffer Overflow (web_client.rules)
2800235 - ETPRO WEB_CLIENT Skype skype4com URI Handler Remote Heap Corruption (web_client.rules)
2800237 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 1 (web_client.rules)
2800238 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 2 (web_client.rules)
2800239 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 3 (web_client.rules)
2800240 - ETPRO WEB_CLIENT Microsoft DirectX SAMI File Parsing Code Execution (web_client.rules)
2800248 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 4 (netbios.rules)
2800249 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind Big (netbios.rules)
2800250 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 5 (netbios.rules)
2800251 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 6 (netbios.rules)
2800252 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 7 (netbios.rules)
2800253 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 8 (netbios.rules)
2800254 - ETPRO WEB_SERVER Apache mod_imap and mod_imagemap Module Cross-Site Scripting (web_server.rules)
2800267 - ETPRO SQL MySQL yaSSL SSL Hello Message Buffer Overflow 2 (sql.rules)
2800270 - ETPRO SQL SAP MaxDB Remote Arbitrary Commands Execution (sql.rules)
2800285 - ETPRO WEB_CLIENT Microsoft Internet Explorer HTML Rendering Memory Corruption (web_client.rules)
2800289 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 1 (web_client.rules)
2800290 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 2 (web_client.rules)
2800291 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 3 (web_client.rules)
2800302 - ETPRO WEB_CLIENT Sun Java Web Start Request (web_client.rules)
2800303 - ETPRO WEB_CLIENT Sun Java Web Start Charset Encoding Stack Buffer Overflow (web_client.rules)
2800312 - ETPRO WEB_SERVER Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow (web_server.rules)
2800321 - ETPRO VOIP Asterisk Invalid RTP Payload Type Number Memory Corruption 1 (voip.rules)
2800322 - ETPRO VOIP Asterisk Invalid RTP Payload Type Number Memory Corruption 2 (voip.rules)
2800362 - ETPRO SCADA DATAC Control RealWin SCADA System Crafted Packet Handling Buffer Overflow (scada.rules)
2800373 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Bind (netbios.rules)
2800374 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Request (netbios.rules)
2800375 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Integer Overflow (netbios.rules)
2800376 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 1 (netbios.rules)
2800377 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 2 (netbios.rules)
2800385 - ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 1 (web_client.rules)
2800386 - ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 2 (web_client.rules)
2800390 - ETPRO WEB_CLIENT VideoLAN VLC Media Player RealText File Buffer Overflow 1 (web_client.rules)
2800400 - ETPRO WEB_CLIENT Adobe Flash Player for Linux ActionScript ASnative Command Execution (web_client.rules)
2800401 - ETPRO NETBIOS Samba Root File System Access Security Bypass 1 (netbios.rules)
2800402 - ETPRO NETBIOS Samba Root File System Access Security Bypass 2 (netbios.rules)
2800408 - ETPRO WEB_SERVER HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow (web_server.rules)
2800416 - ETPRO WEB_CLIENT FFmpeg 4xm Request (web_client.rules)
2800417 - ETPRO WEB_CLIENT FFmpeg 4xm Processing Memory Corruption (web_client.rules)
2800429 - ETPRO WEB_CLIENT Adobe Multiple Products Embedded JBIG2 Stream Buffer Overflow (web_client.rules)
2800447 - ETPRO SQL Oracle Application Server 10g OPMN Service Format String Vulnerability (sql.rules)
2800473 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 1 (web_client.rules)
2800474 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 2 (web_client.rules)
2800475 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 3 (web_client.rules)
2800476 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 4 (web_client.rules)
2800477 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 5 (web_client.rules)
2800478 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 1 (web_client.rules)
2800479 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 2 (web_client.rules)
2800494 - ETPRO NETBIOS Microsoft Windows SMB Negotiate Request Remote Code Execution 1 (netbios.rules)
2800495 - ETPRO NETBIOS Microsoft Windows SMB Negotiate Request Remote Code Execution 2 (netbios.rules)
2800498 - ETPRO VOIP Digium Asterisk IAX2 Call Number Denial Of Service (voip.rules)
 

Date: Tuesday, May 2, 2017 - 00:00