Daily Ruleset Update Summary 2017/09/07

[***]            Summary:            [***]

10 new Open, 36 new Pro (14 + 26). Apache Struts 2 REST Plugin RCE, CVE-2016-0189, Various Phishing, Mobile.

[+++]          Added rules:          [+++]

Open:

2024668 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 1 (exploit.rules)
2024669 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 2 (exploit.rules)
2024670 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 3 (exploit.rules)
2024671 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 4 (exploit.rules)
2024672 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 5 (exploit.rules)
2024673 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 6 (exploit.rules)
2024674 - ET EXPLOIT Apache Struts 2 REST Plugin (Runtime.Exec) (exploit.rules)
2024675 - ET EXPLOIT Apache Struts 2 REST Plugin (ProcessBuilder) (exploit.rules)
2024676 - ET CURRENT_EVENTS CVE-2016-0189 Exploit (current_events.rules)
2024677 - ET CURRENT_EVENTS CVE-2016-0189 Exploit HFS Actor (current_events.rules)

Pro:

2827815 - ETPRO TROJAN MSIL/Zaepk Bot CnC Checkin (trojan.rules)
2827816 - ETPRO TROJAN MSIL/Zaepk Bot CMD Request (trojan.rules)
2827817 - ETPRO TROJAN MSIL/Zaepk Bot CMD Report (trojan.rules)
2827818 - ETPRO TROJAN Fake Flash Update Watering Hole Attack Domain in SNI (trojan.rules)
2827819 - ETPRO TROJAN Win32/Unk Sending Screenshot to CnC (trojan.rules)
2827820 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.H SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827821 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)
2827822 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)
2827823 - ETPRO CURRENT_EVENTS Malicious SSL Certificate Detected (CredPhishing) (current_events.rules)
2827824 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827825 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827826 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827827 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827828 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827829 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827830 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827831 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827832 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827833 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827834 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827835 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827836 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827837 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827838 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827839 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)
2827840 - ETPRO CURRENT_EVENTS Credphish Domain in SNI (current_events.rules)

[///]     Modified active rules:     [///]

2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (policy.rules)
2020126 - ET POLICY DNS Query to .onion proxy Domain (tor4pay.com) (policy.rules)
2020133 - ET POLICY DNS Query to .onion proxy Domain (torminater.com) (policy.rules)
2020430 - ET POLICY DNS Query to .onion proxy Domain (onion.city) (policy.rules)
2022332 - ET POLICY DNS Query to .onion proxy Domain (onion.link) (policy.rules)
2022644 - ET POLICY DNS Query to .onion proxy Domain (torgate.es) (policy.rules)
2826289 - ETPRO TROJAN IsmDoor DNS C2 Domain Name (trojan.rules)
2827109 - ETPRO TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1 (trojan.rules)
2827414 - ETPRO MALWARE MSIL/AdWare.Dotdo PUA CnC Checkin 1 (malware.rules)

[---]         Disabled rules:        [---]

2802885 - ETPRO TROJAN Trojan.Win32.Dcbavict.A Checkin 1 (trojan.rules)
2802886 - ETPRO TROJAN Trojan.Win32.Dcbavict.A Checkin 2 (trojan.rules)
2802887 - ETPRO TROJAN Trojan.Win32.Dcbavict.A Checkin 3 (trojan.rules)
2802888 - ETPRO WEB_SPECIFIC_APPS AWStats Totals awstatstotals.php sort Parameter Code Execution (web_specific_apps.rules)
2802889 - ETPRO WEB_SPECIFIC_APPS HP OpenView NNM nnmRptconfig.exe schdParams and nameParams Buffer Overflow (web_specific_apps.rules)
2802890 - ETPRO EXPLOIT McAfee Firewall Reporter isValidClient Remote Code Execution (exploit.rules)
2802891 - ETPRO EXPLOIT Novell ZENworks Asset Management File Upload Directory Traversal (exploit.rules)
2802898 - ETPRO TROJAN Win32/IRCBrute/Floder.ej Command Report (trojan.rules)
2802901 - ETPRO TROJAN Generic Dropper/Kryptic Checkin (trojan.rules)
2802904 - ETPRO SCADA 7T Interactive Graphical SCADA System Arbitrary File Read And Overwrite (scada.rules)
2802907 - ETPRO EXPLOIT HP Data Protector Client EXEC_CMD Command Execution (ASCII) (exploit.rules)
2802910 - ETPRO TROJAN Backdoor.Win32.Dorkbot.B Join IRC channel (trojan.rules)
2802913 - ETPRO TROJAN Backdoor.Nervos.A Response from Server (trojan.rules)
2802914 - ETPRO TROJAN Backdoor.Nervos.A Keepalive to Server (trojan.rules)
2802917 - ETPRO TROJAN Trojan.Win32.Osmakudan.A Sending info (trojan.rules)
2802919 - ETPRO TROJAN Win32.Banker.bkvg Checkin (trojan.rules)
2802920 - ETPRO TROJAN Trojan-Downloader.Win32.Lataa.B Checkin (trojan.rules)
2802924 - ETPRO TROJAN Win32.Buzus.dxxe Checkin (trojan.rules)
2802929 - ETPRO TROJAN RogueSoftware.MacOS.MacProtector.A Checkin 2 (trojan.rules)
2802930 - ETPRO EXPLOIT HP Intelligent Management Center dbman Buffer Overflow (exploit.rules)
2802932 - ETPRO TROJAN PSW.Win32.Qbot.aem Checkin (trojan.rules)
2802934 - ETPRO TROJAN Win32.VBKrypt.gen Checkin (trojan.rules)
2802957 - ETPRO TROJAN Trojan.Win32.Carberp.D Checkin 3 (trojan.rules)
2802959 - ETPRO TROJAN Win32.Vaubeg.A Checkin (trojan.rules)
2802961 - ETPRO TROJAN Win32.SpyEye.cuk Checkin (trojan.rules)
2802962 - ETPRO TROJAN Win32.Qvod Checkin 2 (trojan.rules)
2802964 - ETPRO TROJAN Dropper.Agent.dosf Checkin (trojan.rules)
2802966 - ETPRO TROJAN Win32.Banker.IC Checkin (trojan.rules)
2802968 - ETPRO ACTIVEX Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption 1 (activex.rules)
2802969 - ETPRO ACTIVEX Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption 2 (activex.rules)
2802970 - ETPRO ACTIVEX Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption 3 (activex.rules)
2802978 - ETPRO WEB_SPECIFIC_APPS Cisco Network Registrar Default Credentials Authentication Bypass (web_specific_apps.rules)
2802979 - ETPRO EXPLOIT HP OpenView NNM nnmRptconfig.exe schdParams and nameParams Buffer Overflow (exploit.rules)
2802982 - ETPRO TROJAN Win32.Arsinfoder.A Checkin 1 (trojan.rules)
2802983 - ETPRO TROJAN Win32.Arsinfoder.A Checkin 2 (trojan.rules)
2802986 - ETPRO TROJAN Win32/Banload.YE Checkin (trojan.rules)
2802988 - ETPRO NETBIOS Malformed Distributed File System (DFS) Response Attack (netbios.rules)
2802996 - ETPRO TROJAN Trojan.Win32.Zboter.E Checkin (trojan.rules)
2803001 - ETPRO NETBIOS Microsoft SMBv2 0-Length Write Request Parsing Vulnerability Attack (netbios.rules)
2803002 - ETPRO NETBIOS Microsoft SMBv2-DS 0-Length Write Request Parsing Vulnerability Attack (netbios.rules)
2803003 - ETPRO NETBIOS Microsoft SMBv2 Negative EOF Create Response Parsing Vulnerability Attack (netbios.rules)
2803004 - ETPRO NETBIOS Microsoft SMBv2-DS Negative EOF Create Response Parsing Vulnerability Attack (netbios.rules)
2803007 - ETPRO TROJAN Proxy.Win32.Agent.ckb Checkin (trojan.rules)
2803010 - ETPRO TROJAN Generic.KDV.88207 Checkin (trojan.rules)
2803012 - ETPRO TROJAN PSW.Agent.wve Checkin (trojan.rules)
2803013 - ETPRO TROJAN Suspicious user agent(hunter) (trojan.rules)
2803016 - ETPRO TROJAN Gen.Trojan.Heur.MGW@t9!CAPci Checkin (trojan.rules)
2803017 - ETPRO TROJAN Backdoor.Win32.Babmote.A Checkin (trojan.rules)
2803020 - ETPRO TROJAN Backdoor.Win32.Ferabsa.A Checkin 1 (trojan.rules)
2803021 - ETPRO TROJAN Backdoor.Win32.Ferabsa.A Checkin 2 (trojan.rules)
2803025 - ETPRO MALWARE Gabpath.com Adware Toolbar Installer User-Agent (malware.rules)
2803032 - ETPRO MALWARE Backdoor.Win32.PDFMarca.A Checkin (malware.rules)
2803039 - ETPRO TROJAN Trojan.Win32.Micstus.A Checkin (trojan.rules)
2803041 - ETPRO EXPLOIT IBM Web Application Firewall Bypass (exploit.rules)
2803043 - ETPRO TROJAN Generic.5526376 Checkin (trojan.rules)
2803045 - ETPRO TROJAN Downloader.ZAccess.ar Checkin (trojan.rules)
2803046 - ETPRO TROJAN alzb Checkin (trojan.rules)
2803047 - ETPRO WEB_SPECIFIC_APPS ManageEngine Service Desk Plus 8.0 Directory Traversal attempt (web_specific_apps.rules)
2803048 - ETPRO TROJAN Win32.Agent.ndau Checkin (trojan.rules)
2803049 - ETPRO TROJAN Backdoor.Win32.Xlahlah.A Checkin 1 (trojan.rules)
2803050 - ETPRO TROJAN Backdoor.Win32.Xlahlah.A Checkin 2 (trojan.rules)
2803055 - ETPRO NETBIOS Microsoft Windows OLE Automation Remote Code Execution (netbios.rules)
2803061 - ETPRO EXPLOIT EMC NetWorker librpc.dll Security Check Bypass 1 (exploit.rules)
2803062 - ETPRO EXPLOIT EMC NetWorker librpc.dll Security Check Bypass 2 (exploit.rules)
2803063 - ETPRO WEB_SPECIFIC_APPS BLOG CMS Input Validation Cross-Site Scripting (web_specific_apps.rules)
2803064 - ETPRO WEB_SPECIFIC_APPS ManageEngine Service Desk Plus 8.0 Directory Traversal attempt 2 (web_specific_apps.rules)
2803066 - ETPRO TROJAN Downloader.Win32.VBDetaColt.A Checkin (trojan.rules)
2803073 - ETPRO WEB_SERVER Oracle Web Server Expect Header Cross-Site Scripting (web_server.rules)
2803074 - ETPRO TROJAN Backdoor.Win32.IRCBot.AAQ Checkin (trojan.rules)
2803075 - ETPRO TROJAN Trojan.Win32.Clemag.A Checkin (trojan.rules)
2803077 - ETPRO EXPLOIT Novell ZENworks Handheld Management Upload Directory Traversal (exploit.rules)
2803080 - ETPRO EXPLOIT HP Performance Manager arbitrary file deletion (exploit.rules)
2803081 - ETPRO EXPLOIT Microsoft Forefront Threat Management Gateway Client Remote Code Execution (exploit.rules)
2803082 - ETPRO EXPLOIT IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow(Published Exploit) (exploit.rules)
2803085 - ETPRO DNS Revdns.pl DNS Covert Channel Request XG (dns.rules)
2803086 - ETPRO DNS Revdns.pl DNS Covert Channel Request XR (dns.rules)
2803087 - ETPRO DNS Revdns.pl DNS Covert Channel Request XE (dns.rules)
2803090 - ETPRO TROJAN Win32.Chebri.A Checkin (trojan.rules)
2803091 - ETPRO TROJAN Backdoor.Win32.Showjiao.A Checkin 1 (trojan.rules)
2803092 - ETPRO TROJAN Backdoor.Win32.Showjiao.A Checkin 2 (trojan.rules)
2803093 - ETPRO TROJAN Backdoor.Win32.Showjiao.A Checkin 3 (trojan.rules)
2803096 - ETPRO EXPLOIT Sybase Adaptive Server Enterprise Backup Database Log Messages format string attempt (exploit.rules)
2803097 - ETPRO TROJAN Win32.Cossta.ntv Checkin (trojan.rules)
2803099 - ETPRO TROJAN Win32.Rorpian.A Checkin 2 (trojan.rules)
2803107 - ETPRO EXPLOIT HP OpenView Storage Data Protector EXEC_CMD Buffer Overflow (exploit.rules)
2803112 - ETPRO EXPLOIT Citrix Provisioning Services Opcode 40020010 Stack Buffer Overflow (exploit.rules)
2803116 - ETPRO TROJAN Buzus.hhhs Checkin (trojan.rules)
2803118 - ETPRO TROJAN Pagesinxt Malicious Redirect (trojan.rules)
2803120 - ETPRO TROJAN Generic.KDV.235925 Checkin (trojan.rules)
2803123 - ETPRO EXPLOIT IBM Lotus Domino HPRAgentName Parameter Stack Buffer Overflow (exploit.rules)
2803132 - ETPRO TROJAN Startpage.A Checkin (trojan.rules)
2803149 - ETPRO TROJAN Win32.Otran/VBKrypt.cugx Checkin (trojan.rules)
2803151 - ETPRO TROJAN TDSS.aifh/Alureon Checkin (trojan.rules)
2803156 - ETPRO TROJAN Ocibit.A/FakeAlert Checkin 2nd stage (trojan.rules)
2803159 - ETPRO TROJAN PWS.Win32/Prast.rts Checkin (trojan.rules)
2803163 - ETPRO TROJAN Win32.Nekill-Style Invalid Accept Header (trojan.rules)
2803171 - ETPRO TROJAN Tnega.WQD Checkin (trojan.rules)
2803175 - ETPRO TROJAN Win32.TRDldr.Sogo Checkin (trojan.rules)
2803179 - ETPRO TROJAN Win32.Dusta.br Checkin (trojan.rules)
2803182 - ETPRO TROJAN Win32/Sirefef.C Checkin (trojan.rules)
2803184 - ETPRO TROJAN Win32.ToolHdnf.A Checkin (trojan.rules)
2803185 - ETPRO TFTP READ Request Directory Traversal attempt (tftp.rules)
2803186 - ETPRO TFTP WRITE Request Directory Traversal attempt (tftp.rules)
2803193 - ETPRO TROJAN Win32.Agent.grdm Checkin 1 (trojan.rules)
2803194 - ETPRO TROJAN Win32.Agent.grdm Checkin 2 (trojan.rules)
2803207 - ETPRO TROJAN Win32.Swisyn.aqis Reporting System Info (trojan.rules)
2803208 - ETPRO TROJAN Win32/FakeRean Checkin 2 (trojan.rules)
2803210 - ETPRO TROJAN Trojan.Win32.Orsam Receiving CnC Config (trojan.rules)
2803214 - ETPRO TROJAN Win32.Poshtroper.A Checkin (trojan.rules)
2803215 - ETPRO TROJAN Win32.Agent.cer Checkin (trojan.rules)
2803221 - ETPRO CHAT mig33 Client Register (chat.rules)
2803222 - ETPRO CHAT mig33 Client Get Contact List (chat.rules)
2803223 - ETPRO CHAT mig33 Client Send Message (chat.rules)
2803227 - ETPRO CHAT mig33 Server Login Fail (chat.rules)
2803228 - ETPRO CHAT mig33 Server Registered OK (chat.rules)
2803229 - ETPRO CHAT mig33 Server Login Success (chat.rules)
2803230 - ETPRO CHAT mig33 Server Receive Message (chat.rules)
2803233 - ETPRO TROJAN Variant.Kazy.15105 Checkin (trojan.rules)
2803237 - ETPRO TROJAN Backdoor.Win32.Riern.K Checkin (trojan.rules)
2803238 - ETPRO TROJAN Trojan.Win32.Agent.dhy Checkin (trojan.rules)
2803239 - ETPRO TROJAN MimimiBot.f Checkin (trojan.rules)
2803240 - ETPRO TROJAN Backdoor.Win32.Soleseq.A Checkin (trojan.rules)
2803250 - ETPRO TROJAN Variant.TDss.24 Checkin (trojan.rules)
2803252 - ETPRO EXPLOIT Oracle Java RMI Services Default Configuration Remote Code Execution (exploit.rules)
2803254 - ETPRO NETBIOS Microsoft Windows LNK File Code Execution SMB-DS (netbios.rules)
2803255 - ETPRO NETBIOS Microsoft Windows LNK File Code Execution SMB (netbios.rules)
2803257 - ETPRO TROJAN Backdoor.Win32.RDPdoor.AE Checkin 2 (trojan.rules)
2803260 - ETPRO TROJAN Filecodi.net Related Trojan Checkin (trojan.rules)
2803262 - ETPRO CHAT Windows Live Messenger User-Agent (chat.rules)
2803268 - ETPRO TROJAN Dynamer.dtc/Keylog.km0/Uaneskeylogger.pl Keylogger Version Check (trojan.rules)
2803269 - ETPRO TROJAN Dynamer.dtc/Keylog.km0/Uaneskeylogger.pl Keylogger User-Agent Oddity (trojan.rules)
2803276 - ETPRO TROJAN Win32/Ramnit.A PING INBOUND (trojan.rules)
2803280 - ETPRO TROJAN TDSS.xcn Checkin (trojan.rules)
2803281 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspot_compiler)  - SMB-DS ASCII (netbios.rules)
2803282 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspot_compiler) - SMB-DS Unicode (netbios.rules)
2803283 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspot_compiler) - SMB ASCII (netbios.rules)
2803284 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspot_compiler) - SMB Unicode (netbios.rules)
2803285 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspotrc)  - SMB-DS ASCII (netbios.rules)
2803286 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspotrc) - SMB-DS Unicode (netbios.rules)
2803287 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspotrc) - SMB Unicode (netbios.rules)
2803288 - ETPRO NETBIOS Oracle Java Runtime Environment Insecure File Loading (hotspotrc) - SMB ASCII (netbios.rules)
2803293 - ETPRO TROJAN Spy.Barely.A Checkin (trojan.rules)
2803294 - ETPRO TROJAN Generic.1246C1DD Checkin (trojan.rules)
2803299 - ETPRO TROJAN Generic.1775831 Checkin (trojan.rules)
2803300 - ETPRO TROJAN Win32.StripDance.b Checkin (trojan.rules)
2803301 - ETPRO TROJAN Backdoor.Win32.Quejob.evl Checkin 3 (trojan.rules)
2803302 - ETPRO TROJAN VirTool.Win32/DelfInject Checkin (trojan.rules)
2803303 - ETPRO TROJAN Win32.Pincav.bgzr Checkin (trojan.rules)
2803309 - ETPRO TROJAN Win32.Bancos.QSPN Checkin (trojan.rules)
2803310 - ETPRO TROJAN SmartCleaner Related FakeAV User-Agent (trojan.rules)
2803324 - ETPRO MALWARE GabPath Adware User-Agent (MNRecover) (malware.rules)
2803325 - ETPRO MALWARE GabPath Adware User-Agent (MNUpdater) (malware.rules)
2803326 - ETPRO TROJAN Win32.Autoit.ap Checkin (trojan.rules)
2803327 - ETPRO TROJAN Win32/Thutani.A Checkin (trojan.rules)
2803331 - ETPRO TROJAN GWorld.512000 Checkin (trojan.rules)
2803332 - ETPRO TROJAN Backdoor.Win32.Yayih.A Checkin (trojan.rules)
2803336 - ETPRO TROJAN Downloader Autoit.C.gen Checkin (trojan.rules)
2803347 - ETPRO EXPLOIT CA ARCserve D2D GWT RPC Request Credentials Disclosure attempt (exploit.rules)
2803353 - ETPRO TROJAN Backdoor.Win32.Murcy.A Checkin (trojan.rules)
2803354 - ETPRO TROJAN Backdoor.Win32.Sogu.A Checkin (trojan.rules)
2803360 - ETPRO MALWARE Flipopia Adware User-Agent (FPRecover) (malware.rules)
2803365 - ETPRO TROJAN Backdoor.Win32.Idicaf.B Checkin 1 (trojan.rules)
2803366 - ETPRO TROJAN Backdoor.Win32.Idicaf.B Checkin 2 (trojan.rules)
2803368 - ETPRO EXPLOIT Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution (exploit.rules)
2803369 - ETPRO TROJAN Downloader.Agent.TF Checkin (trojan.rules)
2803370 - ETPRO TROJAN Suspicious User Agent (_Converter_) (trojan.rules)
2803375 - ETPRO WEB_SERVER Microsoft Remote Desktop Web Access ReturnUrl XSS Attempt (web_server.rules)
2803376 - ETPRO WEB_SERVER Microsoft .NET Framework ChartControl Information Disclosure Attempt (web_server.rules)
2803377 - ETPRO WEB_SERVER Microsoft Report Viewer control Cross-Site Scripting (web_server.rules)
2803379 - ETPRO TROJAN Sus/VB-CHMB Checkin (trojan.rules)
2803381 - ETPRO MALWARE Adware Win32/EliteBar Checkin (malware.rules)
2803385 - ETPRO EXPLOIT Sybase Open Server Null Byte Stack Memory Corruption (exploit.rules)
2803389 - ETPRO TROJAN Backdoor.Agent.AAXM Checkin (trojan.rules)
2803390 - ETPRO TROJAN Suspicious user agent (TEN) (trojan.rules)
2803392 - ETPRO TROJAN Variant.Buzy.641 Checkin 2 (trojan.rules)
2803393 - ETPRO TROJAN Variant.Buzy.641 Checkin (trojan.rules)
2803394 - ETPRO TROJAN Trojan.Win32.Banker.BXF Checkin (trojan.rules)
2803404 - ETPRO WORM Worm.Win32.Autorun.hi Checkin (worm.rules)
2803407 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB ASCII (netbios.rules)
2803408 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB-DS ASCII (netbios.rules)
2803409 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB Unicode (netbios.rules)
2803410 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB-DS Unicode (netbios.rules)
2803420 - ETPRO TROJAN Backdoor.Win32.Msposer.A Checkin (trojan.rules)
2803422 - ETPRO WORM Worm.Win32.Ganelp.B Checkin 1 (worm.rules)
2803423 - ETPRO WORM Worm.Win32.Ganelp.B Checkin 2 (worm.rules)
2803426 - ETPRO TROJAN TrojanDownloader.VBS/Badiseso.H Checkin (trojan.rules)
2803432 - ETPRO MALWARE Adware Torangcomz or Related Install Checkin (malware.rules)
2803438 - ETPRO TROJAN Win32.Puprlehzae.A Checkin (trojan.rules)
2803441 - ETPRO TROJAN E-Surveiller.com Checkin (trojan.rules)
2803446 - ETPRO TROJAN Generic.6109394 Checkin (trojan.rules)
2803447 - ETPRO TROJAN Plusline.co.kr FakeAV Checkin (trojan.rules)
2803449 - ETPRO TROJAN Generic.6214699 Checkin (trojan.rules)
2803450 - ETPRO TROJAN Ghost/Win32.Spidern.A Checkin 1 (trojan.rules)
2803451 - ETPRO TROJAN Trojan.Win32.Spidern.A Checkin 2 (trojan.rules)
2803454 - ETPRO TROJAN PSWTool.Win32.PassView.b FTP Push of User Data (trojan.rules)
2803458 - ETPRO TROJAN Trojan.Win32.Zatvex.A Checkin 2 (trojan.rules)
2803459 - ETPRO TROJAN Siscos.btd Checkin (trojan.rules)
2803465 - ETPRO TROJAN Backdoor.Win32.Jetilms.A Checkin (trojan.rules)
2803468 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 1 (exploit.rules)
2803469 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 2 (exploit.rules)
2803470 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 3 (exploit.rules)
2803471 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 4 (exploit.rules)
2803472 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 5 (exploit.rules)
2803473 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 6 (exploit.rules)
2803474 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 7 (exploit.rules)
2803475 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 8 (exploit.rules)
2803476 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 9 (exploit.rules)
2803477 - ETPRO EXPLOIT Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow 10 (exploit.rules)
2803478 - ETPRO TROJAN Trojan.Win32.VB.alhq Checkin 1 (trojan.rules)
2803479 - ETPRO TROJAN Trojan.Win32.VB.alhq Checkin 2 (trojan.rules)
2803480 - ETPRO TROJAN Trojan.Win32.Agent.cve Checkin (trojan.rules)
2803484 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.eydk Checkin (trojan.rules)
2803487 - ETPRO TROJAN Genome.cnqp Checkin (trojan.rules)
2803489 - ETPRO TROJAN Downloader.JNXM Checkin (trojan.rules)
2803499 - ETPRO TROJAN Known Banload User-Agent (PR3) (trojan.rules)
2803500 - ETPRO TROJAN Trojan-Dropper.Win32.Mudrop.asj Checkin (trojan.rules)
2803510 - ETPRO TROJAN Win32/Bumat!rts Checkin (trojan.rules)
2803511 - ETPRO TROJAN Suspicious user agent(MakeByLc) (trojan.rules)
2803513 - ETPRO TROJAN Win32/VB.AED Checkin off-ports (trojan.rules)
2803522 - ETPRO TROJAN Win32.Rorpian Checkin (trojan.rules)
2803527 - ETPRO TROJAN Backdoor.Win32.Yunsip.A Checkin 1 (trojan.rules)
2803528 - ETPRO TROJAN Backdoor.Win32.Yunsip.A Checkin off-ports (trojan.rules)
2803539 - ETPRO TROJAN Win32/Dumaru@mm Checkin (trojan.rules)
2803541 - ETPRO TROJAN Virus.Downloader.Rozena Checkin (trojan.rules)
2803543 - ETPRO TROJAN Generic.5258925 Checkin (trojan.rules)
2803544 - ETPRO MALWARE Adware Bargainbuddy.BD Checkin (malware.rules)
2803546 - ETPRO TROJAN Trojan.Win32.Fucobha.A Checkin 1 (trojan.rules)
2803547 - ETPRO TROJAN Trojan.Win32.Fucobha.A Checkin 2 (trojan.rules)
2803548 - ETPRO TROJAN Win32/Bedobot.A Checkin (trojan.rules)
2803551 - ETPRO TROJAN Trojan.Generic.5475169 Checkin (trojan.rules)
2803554 - ETPRO TROJAN Win32/Fosniw.B Dropper Checkin (trojan.rules)
2803555 - ETPRO TROJAN Trojan.Win32.Scar.dhnx Checkin off-ports (trojan.rules)
2803556 - ETPRO TROJAN Trojan.Win32.Scar.dhnx Checkin (trojan.rules)
2803564 - ETPRO WORM Worm.Win32.Morto.A Propagating via Windows Remote Desktop Protocol (worm.rules)
2803568 - ETPRO TROJAN Trojan.Win32.Banload.ABY Checkin 1 (trojan.rules)
2803571 - ETPRO MALWARE Adware.Websearch Checkin (malware.rules)
2803583 - ETPRO TROJAN Win32.Sality.At Checkin (trojan.rules)
2803589 - ETPRO TROJAN Win32.Banker.FGU Checkin 2 (trojan.rules)
2803590 - ETPRO MALWARE Adware Win32/Webnexus Checkin (malware.rules)
2803593 - ETPRO TROJAN Backdoor.Win32.Veebuu.BX Checkin (trojan.rules)
2803595 - ETPRO WEB_SERVER Microsoft Report Viewer control Cross-Site Scripting 2 (web_server.rules)
2803598 - ETPRO MALWARE Zugo Spyware Related Searchbar Installer (LogiaInstaller) (malware.rules)
2803604 - ETPRO TROJAN Trojan.Win32.Agent.dcir Checkin Response (trojan.rules)
2803606 - ETPRO TROJAN Invalid Accept-Encode Header - Likely Hostile Request (trojan.rules)
2803609 - ETPRO TROJAN Trojan.Win32.KeyLogger.wav Checkin (trojan.rules)
2803613 - ETPRO TROJAN Trojan.Generic.6200998 User-Agent (WT) (trojan.rules)
2803614 - ETPRO TROJAN TrojanDropper.Agent.dpah Checkin (trojan.rules)
2803618 - ETPRO TROJAN Trojan.Win32.Buzus.hond Checkin 2 (trojan.rules)
2803623 - ETPRO TROJAN Backdoor.Win32.Doschald.A Checkin (trojan.rules)
2803624 - ETPRO TROJAN Backdoor.Win32.Doschald.A Checkin Response (trojan.rules)
2803625 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 1 (exploit.rules)
2803626 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 2 (exploit.rules)
2803627 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 3 (exploit.rules)
2803628 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 4 (exploit.rules)
2803629 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 5 (exploit.rules)
2803630 - ETPRO EXPLOIT HP SiteScope integrationViewer Default Credentials 6 (exploit.rules)
2803632 - ETPRO TROJAN Trojan.Win32.FresctSpy.A Checkin (trojan.rules)
2803645 - ETPRO WEB_SERVER Microsoft SharePoint Remote File Disclosure Upload Inbound (web_server.rules)

Date: Thursday, September 7, 2017 - 00:00