[Emerging-Sigs] Daily Ruleset Update Summary 09/25/2014 - Part Two

Francis Trudeau ftrudeau at emergingthreats.net
Thu Sep 25 19:20:28 EDT 2014


 [***] Summary: [***]

 32 new Open signatures, 36 new Pro (32 + 4).  CVE-2014-6271, Arris
Cable Modem Backdoor, Android.Trojan.Magwei.A, W32/Banker.

 Please note that the generic HTTP URLENCODE sids 2019244 - 2019273
are disabled by default.

 [+++]          Added rules:          [+++]

  2019241 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client
Body 3 (web_server.rules)
  2019243 - ET TROJAN Infostealer.Boleteiro checking stoled boleto
payment information (trojan.rules)
  2019244 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 1 (web_server.rules)
  2019245 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 2 (web_server.rules)
  2019246 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 3 (web_server.rules)
  2019247 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 4 (web_server.rules)
  2019248 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 5 (web_server.rules)
  2019249 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 6 (web_server.rules)
  2019250 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 7 (web_server.rules)
  2019251 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 8 (web_server.rules)
  2019252 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 9 (web_server.rules)
  2019253 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 10 (web_server.rules)
  2019254 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 11 (web_server.rules)
  2019255 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 12 (web_server.rules)
  2019256 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 13 (web_server.rules)
  2019257 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 14 (web_server.rules)
  2019258 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 15 (web_server.rules)
  2019259 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 16 (web_server.rules)
  2019260 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 17 (web_server.rules)
  2019261 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 18 (web_server.rules)
  2019262 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 19 (web_server.rules)
  2019263 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 20 (web_server.rules)
  2019264 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 21 (web_server.rules)
  2019265 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 22 (web_server.rules)
  2019266 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 23 (web_server.rules)
  2019267 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 24 (web_server.rules)
  2019268 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 25 (web_server.rules)
  2019269 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 26 (web_server.rules)
  2019270 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 27 (web_server.rules)
  2019271 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 28 (web_server.rules)
  2019272 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 29 (web_server.rules)
  2019273 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP
URLENCODE Generic 30 (web_server.rules)

 Pro:

  2808892 - ETPRO EXPLOIT Arris Cable Modem Backdoor GET request (exploit.rules)
  2808893 - ETPRO TROJAN W32/Banker.AAUS!tr.spy Checkin (trojan.rules)
  2808894 - ETPRO MOBILE_MALWARE Android.Trojan.Magwei.A Checkin
(mobile_malware.rules)
  2808895 - ETPRO MOBILE_MALWARE Android.Trojan.Magwei.A Checkin 2
(mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2019234 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client
Body 2 (web_server.rules)
  2019237 - ET EXPLOIT Possible CVE-2014-6271 exploit attempt via
malicious DHCP ACK (exploit.rules)
  2808178 - ETPRO MOBILE_MALWARE Android.Monitor.Spyera.A Checkin
(mobile_malware.rules)


 [---]         Removed rules:         [---]

  2019238 - ET EXPLOIT Possible CVE-2014-6271 exploit attempt via
malicious DHCP ACK - option 67 (exploit.rules)