Daily Ruleset Update Summary 2017/12/21

[***]            Summary:            [***]

12 new Open, 25 new Pro (12 + 13). Newuser CnC, WooSIP Downloader, W32/Teamspy Variant, Various Phishing.

Thanks: @securitydoggo

[+++]          Added rules:          [+++]

Open:

2008438 - ET TROJAN Possible Windows executable sent when remote host claims to send a Text File (trojan.rules)
2009897 - ET TROJAN Possible Windows executable sent when remote host claims to send html content (trojan.rules)
2022874 - ET TROJAN Windows Executable Sent When Remote Host Claims to Send a RAR Archive (trojan.rules)
2025161 - ET TROJAN Windows executable sent when remote host claims to send an image M4 (trojan.rules)
2025162 - ET INFO Suspicious Request for Doc to IP Address with Terse Headers (info.rules)
2025163 - ET TROJAN Unknown Newuser CnC Check-in M1 (trojan.rules)
2025164 - ET TROJAN Unknown Newuser CnC Check-in M2 (trojan.rules)
2025165 - ET TROJAN WooSIP Downloader CnC CreateFolderOnServer (trojan.rules)
2025166 - ET TROJAN WooSIP Downloader CnC DeleteFileOnServer (trojan.rules)
2025167 - ET TROJAN WooSIP Downloader CnC WriteMetadataOnServer (trojan.rules)
2025168 - ET TROJAN Smurf2 CnC Checkin (trojan.rules)
2025169 - ET TROJAN Windows Executable Downloaded With Image Content-Type Header (trojan.rules)

Pro:

2829008 - ETPRO TROJAN W32/Teamspy Variant Checkin (trojan.rules)
2829009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-19 1) (trojan.rules)
2829010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-19 2) (trojan.rules)
2829011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-19 3) (trojan.rules)
2829012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-19 4) (trojan.rules)
2829013 - ETPRO CURRENT_EVENTS Successful Banco do Brazil Phish 2017-12-21 (current_events.rules)
2829014 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2017-12-21 (current_events.rules)
2829015 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2017-12-21 (current_events.rules)
2829016 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2017-12-21 (current_events.rules)
2829017 - ETPRO CURRENT_EVENTS Successful AOL Phish 2017-12-21 (current_events.rules)
2829018 - ETPRO CURRENT_EVENTS Generic Financial Phish Landing 2017-12-21 (current_events.rules)
2829019 - ETPRO TROJAN Win32.Blocker.BR Checkin M1 (trojan.rules)
2829020 - ETPRO TROJAN Win32.Blocker.BR Checkin M2 (trojan.rules)

[///]     Modified active rules:     [///]

2024846 - ET CURRENT_EVENTS Successful Paypal Phish Oct 16 2017 (current_events.rules)
2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017 (current_events.rules)
2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)

[---]  Disabled and modified rules:  [---]

2020757 - ET MALWARE Windows executable sent when remote host claims to send an image M2 (malware.rules)
2023750 - ET MALWARE Windows executable sent when remote host claims to send an image M3 (malware.rules)

[---]         Disabled rules:        [---]

2002996 - ET WEB_SPECIFIC_APPS GeekLog Remote File Include Vulnerability (web_specific_apps.rules)
2003132 - ET TROJAN BOT - potential DDoS command (2) (trojan.rules)
2004022 - ET WEB_SPECIFIC_APPS AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UPDATE (web_specific_apps.rules)
2004089 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id SELECT (web_specific_apps.rules)
2004090 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UNION SELECT (web_specific_apps.rules)
2004091 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id INSERT (web_specific_apps.rules)
2004092 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id DELETE (web_specific_apps.rules)
2004093 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id ASCII (web_specific_apps.rules)
2004094 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UPDATE (web_specific_apps.rules)
2004116 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid SELECT (web_specific_apps.rules)
2004117 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UNION SELECT (web_specific_apps.rules)
2004118 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid INSERT (web_specific_apps.rules)
2004119 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid DELETE (web_specific_apps.rules)
2004120 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid ASCII (web_specific_apps.rules)
2004121 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UPDATE (web_specific_apps.rules)
2004122 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna SELECT (web_specific_apps.rules)
2004123 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UNION SELECT (web_specific_apps.rules)
2004124 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna INSERT (web_specific_apps.rules)
2004125 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna DELETE (web_specific_apps.rules)
2004126 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ASCII (web_specific_apps.rules)
2004127 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UPDATE (web_specific_apps.rules)
2004409 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt SELECT (web_specific_apps.rules)
2004410 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UNION SELECT (web_specific_apps.rules)
2004411 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt INSERT (web_specific_apps.rules)
2004412 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt DELETE (web_specific_apps.rules)
2004413 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt ASCII (web_specific_apps.rules)
2004414 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UPDATE (web_specific_apps.rules)
2004606 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c SELECT (web_specific_apps.rules)
2004607 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UNION SELECT (web_specific_apps.rules)
2004608 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c INSERT (web_specific_apps.rules)
2004609 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c DELETE (web_specific_apps.rules)
2004610 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c ASCII (web_specific_apps.rules)
2004611 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UPDATE (web_specific_apps.rules)
2004660 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria SELECT (web_specific_apps.rules)
2004661 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UNION SELECT (web_specific_apps.rules)
2004662 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria INSERT (web_specific_apps.rules)
2004663 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria DELETE (web_specific_apps.rules)
2004664 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ASCII (web_specific_apps.rules)
2004665 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UPDATE (web_specific_apps.rules)
2004689 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id SELECT (web_specific_apps.rules)
2004690 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UNION SELECT (web_specific_apps.rules)
2004691 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id INSERT (web_specific_apps.rules)
2004692 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id DELETE (web_specific_apps.rules)
2004693 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id ASCII (web_specific_apps.rules)
2004694 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UPDATE (web_specific_apps.rules)
2004713 - ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin INSERT (web_specific_apps.rules)
2005087 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid SELECT (web_specific_apps.rules)
2005111 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid SELECT (web_specific_apps.rules)
2005135 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow SELECT (web_specific_apps.rules)
2005136 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UNION SELECT (web_specific_apps.rules)
2005137 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow INSERT (web_specific_apps.rules)
2005138 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow DELETE (web_specific_apps.rules)
2005139 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow ASCII (web_specific_apps.rules)
2005140 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UPDATE (web_specific_apps.rules)
2005518 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps SELECT (web_specific_apps.rules)
2005519 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UNION SELECT (web_specific_apps.rules)
2005520 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps INSERT (web_specific_apps.rules)
2005521 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps DELETE (web_specific_apps.rules)
2005522 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps ASCII (web_specific_apps.rules)
2005523 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UPDATE (web_specific_apps.rules)
2005524 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us SELECT (web_specific_apps.rules)
2005525 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UNION SELECT (web_specific_apps.rules)
2005526 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us INSERT (web_specific_apps.rules)
2005527 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us DELETE (web_specific_apps.rules)
2005528 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us ASCII (web_specific_apps.rules)
2005529 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UPDATE (web_specific_apps.rules)
2005530 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f SELECT (web_specific_apps.rules)
2005531 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f UNION SELECT (web_specific_apps.rules)
2005532 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f INSERT (web_specific_apps.rules)
2005772 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang SELECT (web_specific_apps.rules)
2005773 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UNION SELECT (web_specific_apps.rules)
2005774 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang INSERT (web_specific_apps.rules)
2005775 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang DELETE (web_specific_apps.rules)
2005776 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang ASCII (web_specific_apps.rules)
2005777 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UPDATE (web_specific_apps.rules)
2006400 - ET TROJAN Downloader.26001 Url Pattern Detected (trojan.rules)
2006405 - ET TROJAN Proxy.Win32.Agent.mx CnC Beacon (trojan.rules)
2006406 - ET TROJAN Proxy.Win32.Agent.mx (2) (trojan.rules)
2006528 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT (web_specific_apps.rules)
2006529 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT (web_specific_apps.rules)
2006530 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT (web_specific_apps.rules)
2006531 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE (web_specific_apps.rules)
2006532 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII (web_specific_apps.rules)
2006533 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE (web_specific_apps.rules)
2006534 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT (web_specific_apps.rules)
2006535 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT (web_specific_apps.rules)
2006536 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT (web_specific_apps.rules)
2006537 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE (web_specific_apps.rules)
2006538 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII (web_specific_apps.rules)
2006539 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE (web_specific_apps.rules)
2006540 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT (web_specific_apps.rules)
2006541 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT (web_specific_apps.rules)
2006542 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT (web_specific_apps.rules)
2006543 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE (web_specific_apps.rules)
2006544 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII (web_specific_apps.rules)
2006545 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE (web_specific_apps.rules)
2006675 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img SELECT (web_specific_apps.rules)
2006676 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UNION SELECT (web_specific_apps.rules)
2006677 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img INSERT (web_specific_apps.rules)
2006678 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img DELETE (web_specific_apps.rules)
2006679 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img ASCII (web_specific_apps.rules)
2006680 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UPDATE (web_specific_apps.rules)
2007703 - ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt (web_client.rules)
2007776 - ET TROJAN Krunchy/BZub HTTP POST Update (trojan.rules)
2007889 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UNION SELECT (web_specific_apps.rules)
2007890 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list INSERT (web_specific_apps.rules)
2007891 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list DELETE (web_specific_apps.rules)
2007892 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UPDATE (web_specific_apps.rules)
2007966 - ET TROJAN Win32.Inject.zy Checkin Post (trojan.rules)
2008220 - ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server (trojan.rules)
2008366 - ET TROJAN LD Pinch Checkin (HTTP POST on port 82) (trojan.rules)
2008412 - ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin (trojan.rules)
2008434 - ET TROJAN Coreflood/AFcore Trojan Infection (trojan.rules)
2008439 - ET WEB_SPECIFIC_APPS AlstraSoft Affiliate Network Pro (pgm) Parameter SQL Injection (web_specific_apps.rules)
2008661 - ET TROJAN Zbot/Zeus HTTP POST (trojan.rules)
2008874 - ET WEB_SPECIFIC_APPS PHPStore Yahoo Answers id parameter SQL Injection (web_specific_apps.rules)
2008891 - ET TROJAN MEREDROP/micr0s0fts.cn Related Checkin (trojan.rules)
2009553 - ET TROJAN FAKE/ROGUE AV Encoded data= HTTP POST (trojan.rules)
2009977 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability (web_specific_apps.rules)
2009979 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability (web_specific_apps.rules)
2010223 - ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion Attempt (web_specific_apps.rules)
2010337 - ET TROJAN FakeAV Reporting - POST often to resolution|borders.php (trojan.rules)
2010687 - ET WEB_SERVER HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow Attempt (web_server.rules)
2010881 - ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt (web_client.rules)
2010970 - ET WEB_SERVER HP OpenView Network Node Manager OvWebHelp.exe Heap Buffer Overflow Attempt (web_server.rules)
2011012 - ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI (snmp.rules)
2011015 - ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Remote File Disclosure Attempt (web_server.rules)
2011196 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid ICount Remote Code Execution Attempt (web_specific_apps.rules)
2011197 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt (web_specific_apps.rules)
2011198 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt (web_specific_apps.rules)
2011400 - ET TROJAN Yoyo-DDoS Bot Execute SYN Flood Command Message From CnC Server (trojan.rules)
2011506 - ET WEB_CLIENT PDF With eval Function - Possibly Hostile (web_client.rules)
2011994 - ET FTP ProFTPD Backdoor Inbound Backdoor Open Request (ACIDBITCHEZ) (ftp.rules)
2012051 - ET TFTP TFTPGUI Long Transport Mode Buffer Overflow (tftp.rules)
2012063 - ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (CVE-2009-3103) (exploit.rules)
2012682 - ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 1 (exploit.rules)
2012683 - ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 2 (exploit.rules)
2100258 - GPL DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
2101199 - GPL WEB_SERVER Compaq Insight directory traversal (web_server.rules)
2101941 - GPL TFTP GET filename overflow attempt (tftp.rules)
2101945 - GPL WEB_SERVER unicode directory traversal attempt (web_server.rules)
2101987 - GPL EXPLOIT xfs overflow attempt (exploit.rules)
2102092 - GPL EXPLOIT portmap proxy integer overflow attempt UDP (exploit.rules)
2800607 - ETPRO EXPLOIT Novell NetMail IMAP Command Parsing Buffer Overflow (exploit.rules)
2800612 - ETPRO EXPLOIT Ipswitch WS_FTP Server FTP Commands Buffer Overflow (exploit.rules)
2800613 - ETPRO EXPLOIT Ipswitch WS_FTP Server FTP Commands Buffer Overflow (XMD5) (exploit.rules)
2800628 - ETPRO EXPLOIT 3Com TFTP Server Transporting Mode Remote Buffer Overflow Metasploit Exploit Detected against XPSP2 (exploit.rules)
2800635 - ETPRO DOS CA eTrust Intrusion Detection Encryption Key Handling Denial of Service (dos.rules)
2800636 - ETPRO DOS CA eTrust Intrusion Detection Encryption Key Handling Denial of Service - 2 (dos.rules)
2800777 - ETPRO MISC MDaemon Content Filter Directory Traversal Vulnerability (misc.rules)
2800799 - ETPRO DOS OpenLDAP Modrdn RDN NULL String Denial of Service Attempt (dos.rules)
2800823 - ETPRO TROJAN Backdoor.Win32.Mexbank.A Checkin Response (trojan.rules)
2800841 - ETPRO WEB_CLIENT Adobe Shockwave Director pamm Chunk Memory Corruption (web_client.rules)
2800845 - ETPRO WEB_CLIENT RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution (web_client.rules)
2800909 - ETPRO WEB_CLIENT Adobe Reader printSeps Memory Corruption (web_client.rules)
2800930 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (exploit.rules)
2800931 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (exploit.rules)
2800977 - ETPRO SMTP Exim string_format Remote Code Execution Attempt (smtp.rules)

[---]         Removed rules:         [---]

2008438 - ET INFO Possible Windows executable sent when remote host claims to send a Text File (info.rules)
2009897 - ET MALWARE Possible Windows executable sent when remote host claims to send html content (malware.rules)
2022874 - ET INFO Windows Executable Sent When Remote Host Claims to Send a RAR Archive (info.rules)

Date: Thursday, December 21, 2017 - 00:00