Daily Ruleset Update Summary 2018/01/11

[***]            Summary:            [***]

1 new Open, 13 new Pro (1 + 12). MSIL/AdFraudClicker, Bitter RAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025198 - ET TROJAN Bitter RAT HTTP CnC Beacon M2 (trojan.rules)

Pro:

2829248 - ETPRO TROJAN Possible Meterpreter SSL Certificate (trojan.rules)
2829249 - ETPRO CURRENT_EVENTS Observed Malicious Windows Installer UA jpg DL (current_events.rules)
2829250 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-11 (current_events.rules)
2829251 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2018-01-11 (current_events.rules)
2829252 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
2829253 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in DNS Lookup) (trojan.rules)
2829254 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in TLS SNI) (trojan.rules)
2829255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 1) (trojan.rules)
2829256 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 2) (trojan.rules)
2829257 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 3) (trojan.rules)
2829258 - ETPRO MALWARE Win32/PCKeeper PUP Activity M2 (malware.rules)
2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)

[///]     Modified active rules:     [///]

2820482 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2829182 - ETPRO WEB_CLIENT Weblogic XMLDecoder RCE (CVE-2017-10271) (web_client.rules)

[---]         Disabled rules:        [---]

2011328 - ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt (exploit.rules)
2011478 - ET EXPLOIT Possible Microsoft Office Word 2007 sprmCMajority Buffer Overflow Attempt (exploit.rules)
2011503 - ET EXPLOIT Successful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt (exploit.rules)
2012045 - ET EXPLOIT VMware Tools Update OS Command Injection Attempt (exploit.rules)
2012055 - ET EXPLOIT JDownloader Webinterface Source Code Disclosure (exploit.rules)
2012057 - ET EXPLOIT VMware 2 Web Server Directory Traversal (exploit.rules)
2012058 - ET EXPLOIT HP LaserJet PLJ Interface Directory Traversal (exploit.rules)
2012101 - ET EXPLOIT Oracle Virtual Server Agent Command Injection Attempt (exploit.rules)
2012103 - ET EXPLOIT D-Link bsc_wlan.php Security Bypass (exploit.rules)
2012154 - ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 1 (exploit.rules)
2012155 - ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 2 (exploit.rules)
2012174 - ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow (exploit.rules)
2800768 - ETPRO EXPLOIT Alt-N MDaemon IMAP Server Authentication Routines Buffer Overflow (LOGIN) (exploit.rules)
2800779 - ETPRO EXPLOIT VERITAS Backup Exec Agent Arbitrary File Download (exploit.rules)
2800781 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (exploit.rules)
2800782 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (no Item ID list) (exploit.rules)
2800788 - ETPRO EXPLOIT CA Messaging Queuing Buffer Overflow (exploit.rules)
2800790 - ETPRO EXPLOIT Alt-N MDaemon IMAP Server Authentication Routines Buffer Overflow CRAM-MD5 (exploit.rules)
2800842 - ETPRO EXPLOIT IBM Rational Quality Manager and Test Lab Manager Policy Bypass (exploit.rules)
2800856 - ETPRO EXPLOIT Oracle Java Runtime CMM readMabCurveData Buffer Overflow (exploit.rules)
2800859 - ETPRO EXPLOIT HP Data Protector Media Operations Null Pointer Deference Denial of Service Request (exploit.rules)
2800862 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (exploit.rules)
2800870 - ETPRO EXPLOIT Microsoft Office PowerPoint Integer Underflow (exploit.rules)
2800880 - ETPRO EXPLOIT Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow Big Endian (exploit.rules)
2800882 - ETPRO EXPLOIT Adobe Shockwave Player Lnam Chunk offset 24 Processing Buffer Overflow Little Endian (exploit.rules)
2800942 - ETPRO EXPLOIT Microsoft Forefront Unified Access Gateway Signurl.asp Cross-Site Scripting (exploit.rules)
2800956 - ETPRO EXPLOIT HP Data Protector Manager MMD Service Stack Buffer Overflow (exploit.rules)
2800960 - ETPRO EXPLOIT HP Data Protector OmniInet Service NULL Dereference Denial of Service (exploit.rules)
2800961 - ETPRO EXPLOIT HP Data Protector OmniInet Service NULL Dereference Denial of Service (exploit.rules)
2801178 - ETPRO EXPLOIT Microsoft IIS FTP Server Telnet IAC Buffer Overflow (exploit.rules)
2801242 - ETPRO EXPLOIT CA ARCserve D2D Axis2 Default Credentials (exploit.rules)
2801244 - ETPRO EXPLOIT CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (exploit.rules)
2801257 - ETPRO EXPLOIT Microsoft Sharepoint Document Conversions Launcher Code Execution (exploit.rules)
2801272 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN RPC Service Buffer Overflow (exploit.rules)
2801276 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow (exploit.rules)
2801278 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow (exploit.rules)
2801279 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe Template Format String Code Execution (exploit.rules)
2801307 - ETPRO EXPLOIT HP OpenView Network Node Manager jovgraph.exe displayWidth Buffer Overflow (exploit.rules)
2801310 - ETPRO EXPLOIT Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow (exploit.rules)
2801328 - ETPRO EXPLOIT Symantec Alert Management System Pin Number Stack Buffer Overflow (exploit.rules)
2801337 - ETPRO EXPLOIT Symantec Alert Management System Modem String Stack Buffer Overflow (exploit.rules)
2801344 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
2801345 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
2801346 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
2801353 - ETPRO EXPLOIT HP OpenView Network Node Manager ovutil.dll stringToSeconds Buffer Overflow (exploit.rules)
2801391 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)
2801392 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)
2801443 - ETPRO EXPLOIT Novell Netware XNFS.NLM Stack Buffer Overflow 1 (exploit.rules)
2801444 - ETPRO EXPLOIT Novell Netware XNFS.NLM Stack Buffer Overflow 2 (exploit.rules)
2801445 - ETPRO EXPLOIT RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass (exploit.rules)
2801622 - ETPRO EXPLOIT Citrix Provisioning Services streamprocess.exe Stack Buffer Overflow (exploit.rules)
2801679 - ETPRO EXPLOIT EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass (exploit.rules)
2801877 - ETPRO EXPLOIT Oracle Secure Backup Admin Server index.php preauth Parameter Arbitrary Code Execution (exploit.rules)
2801878 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php other Parameter Arbitrary Code Execution (exploit.rules)
2801879 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php objectname Parameter Arbitrary Command Execution (exploit.rules)
2801886 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution (exploit.rules)
2801904 - ETPRO EXPLOIT Novell iManager ClassName Remote Buffer Overflow (exploit.rules)
2801952 - ETPRO EXPLOIT Zend Zend Server Java Bridge Remote Code Execution (exploit.rules)
2801970 - ETPRO EXPLOIT HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow (exploit.rules)
2802005 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 1 (exploit.rules)
2802006 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 2 (exploit.rules)
2802007 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 3 (exploit.rules)
2802008 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 1 (exploit.rules)
2802009 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 2 (exploit.rules)
2802010 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 3 (exploit.rules)
2802089 - ETPRO EXPLOIT IBM Tivoli Directory Server ibmslapd.exe Integer Overflow (exploit.rules)

Date: Thursday, January 11, 2018 - 00:00
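The summary above follows a fixed plain-text layout (a Summary line with counts, then Added / Modified / Disabled sections of "SID - msg (file)" lines), which makes it easy to turn into SID lists for local rule management and to sanity-check the header counts against what is actually listed. The parser below is an added example written for this page, not Emerging Threats / Proofpoint code; the section markers, rule-line shape and the "N new Open, M new Pro (a + b)" convention (where M is the Open count plus the Pro-only count) are taken from the text above, and the embedded sample is a constructed subset of the 2018/01/11 entries with its Summary line made consistent with that subset.

```python
"""Parse an Emerging Threats daily ruleset update summary into SID lists.

Added example for the summary format shown above; not Emerging Threats' own code.
Assumptions: sections are delimited by "[+++] ... [+++]"-style markers, rule lines
look like "SID - msg (file.rules)", and the Summary line's "N new Open, M new Pro
(a + b)" means M == a + b == Open + Pro-only.  SAMPLE is a constructed subset of
the 2018/01/11 page with a consistent Summary line.
"""
import re

SAMPLE = """\
Daily Ruleset Update Summary 2018/01/11

[***]            Summary:            [***]

1 new Open, 3 new Pro (1 + 2). MSIL/AdFraudClicker, Bitter RAT, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025198 - ET TROJAN Bitter RAT HTTP CnC Beacon M2 (trojan.rules)

Pro:

2829248 - ETPRO TROJAN Possible Meterpreter SSL Certificate (trojan.rules)
2829249 - ETPRO CURRENT_EVENTS Observed Malicious Windows Installer UA jpg DL (current_events.rules)

[///]     Modified active rules:     [///]

2829182 - ETPRO WEB_CLIENT Weblogic XMLDecoder RCE (CVE-2017-10271) (web_client.rules)

[---]         Disabled rules:        [---]

2011328 - ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt (exploit.rules)
2800768 - ETPRO EXPLOIT Alt-N MDaemon IMAP Server Authentication Routines Buffer Overflow (LOGIN) (exploit.rules)

Date: Thursday, January 11, 2018 - 00:00
"""

SECTION_RE = re.compile(r"^\[(\+\+\+|///|---|\*\*\*)\]\s+(.*?)\s+\[\1\]$")
RULE_RE = re.compile(r"^(\d{7}) - (.*) \(([a-z_]+\.rules)\)$")   # SID - msg (file)
COUNTS_RE = re.compile(r"(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")
SECTION_NAMES = {"+++": "added", "///": "modified", "---": "disabled", "***": "summary"}


def parse_summary(text):
    """Return {"summary": str, "added": {"open": [...], "pro": [...]},
    "modified": [...], "disabled": [...]}; each rule is (sid, msg, file)."""
    result = {"summary": [], "added": {"open": [], "pro": []}, "modified": [], "disabled": []}
    section, tier = None, None            # tier: Open/Pro sub-list inside Added
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, tier = SECTION_NAMES[m.group(1)], None
            continue
        if section == "summary":
            result["summary"].append(line)
            continue
        if section == "added" and line in ("Open:", "Pro:"):
            tier = line[:-1].lower()
            continue
        m = RULE_RE.match(line)
        if not m or section is None:
            continue                      # title, date footer, anything unrecognised
        rule = (int(m.group(1)), m.group(2), m.group(3))
        if section == "added":
            result["added"][tier or "open"].append(rule)
        else:
            result[section].append(rule)
    result["summary"] = " ".join(result["summary"])
    return result


def sids(parsed, section):
    """Sorted SIDs for 'added' (Open and Pro together), 'modified' or 'disabled'."""
    rules = parsed[section] if section != "added" else (
        parsed["added"]["open"] + parsed["added"]["pro"])
    return sorted(sid for sid, _, _ in rules)


def count_mismatches(parsed):
    """Discrepancies between the Summary line's claimed counts and the rules
    actually listed; an empty list means the header is consistent."""
    m = COUNTS_RE.search(parsed["summary"])
    if not m:
        return ["summary line has no recognisable count"]
    c_open, c_pro_total, c_a, c_b = (int(x) for x in m.groups())
    n_open, n_pro = len(parsed["added"]["open"]), len(parsed["added"]["pro"])
    problems = []
    if c_open != n_open or c_a != n_open:
        problems.append(f"Open: claimed {c_open} ({c_a}), listed {n_open}")
    if c_b != n_pro:
        problems.append(f"Pro-only: claimed {c_b}, listed {n_pro}")
    if c_pro_total != n_open + n_pro:
        problems.append(f"Pro total: claimed {c_pro_total}, expected {n_open + n_pro}")
    return problems


if __name__ == "__main__":
    p = parse_summary(SAMPLE)
    for name in ("added", "modified", "disabled"):
        print(name, sids(p, name))
    print("count check:", count_mismatches(p) or "ok")
```

Running `count_mismatches` on the page's original header ("21 new Pro (1 + 12)") against the full list would flag the Pro total, which is exactly the kind of typo the check exists to catch; the SID lists from `sids` can be fed to whatever local tooling tracks which upstream signatures were added, touched or retired on a given day.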