[Emerging-Sigs] Daily Ruleset Update Summary 2017/12/21

Travis Green tgreen at emergingthreats.net
Thu Dec 21 13:10:08 HST 2017


[***]            Summary:            [***]

12 new Open, 25 new Pro (12 + 13). Newuser CnC, WooSIP Downloader,
W32/Teamspy Variant, Various Phishing.

Thanks: @securitydoggo


[+++]          Added rules:          [+++]

Open:

 2008438 - ET TROJAN Possible Windows executable sent when remote host
claims to send a Text File (trojan.rules)
 2009897 - ET TROJAN Possible Windows executable sent when remote host
claims to send html content (trojan.rules)
 2022874 - ET TROJAN Windows Executable Sent When Remote Host Claims to
Send a RAR Archive (trojan.rules)
 2025161 - ET TROJAN Windows executable sent when remote host claims to
send an image M4 (trojan.rules)
 2025162 - ET INFO Suspicious Request for Doc to IP Address with Terse
Headers (info.rules)
 2025163 - ET TROJAN Unknown Newuser CnC Check-in M1 (trojan.rules)
 2025164 - ET TROJAN Unknown Newuser CnC Check-in M2 (trojan.rules)
 2025165 - ET TROJAN WooSIP Downloader CnC CreateFolderOnServer
(trojan.rules)
 2025166 - ET TROJAN WooSIP Downloader CnC DeleteFileOnServer (trojan.rules)
 2025167 - ET TROJAN WooSIP Downloader CnC WriteMetadataOnServer
(trojan.rules)
 2025168 - ET TROJAN Smurf2 CnC Checkin (trojan.rules)
 2025169 - ET TROJAN Windows Executable Downloaded With Image Content-Type
Header (trojan.rules)

Pro:

 2829008 - ETPRO TROJAN W32/Teamspy Variant Checkin (trojan.rules)
 2829009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-19 1) (trojan.rules)
 2829010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-19 2) (trojan.rules)
 2829011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-19 3) (trojan.rules)
 2829012 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-19 4) (trojan.rules)
 2829013 - ETPRO CURRENT_EVENTS Successful Banco do Brazil Phish 2017-12-21
(current_events.rules)
 2829014 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2017-12-21
(current_events.rules)
 2829015 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2017-12-21
(current_events.rules)
 2829016 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2017-12-21
(current_events.rules)
 2829017 - ETPRO CURRENT_EVENTS Successful AOL Phish 2017-12-21
(current_events.rules)
 2829018 - ETPRO CURRENT_EVENTS Generic Financial Phish Landing 2017-12-21
(current_events.rules)
 2829019 - ETPRO TROJAN Win32.Blocker.BR Checkin M1 (trojan.rules)
 2829020 - ETPRO TROJAN Win32.Blocker.BR Checkin M2 (trojan.rules)


[///]     Modified active rules:     [///]

 2024846 - ET CURRENT_EVENTS Successful Paypal Phish Oct 16 2017
(current_events.rules)
 2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
(current_events.rules)
 2829000 - ETPRO TROJAN FormBook CnC Checkin (GET) (trojan.rules)
 2829004 - ETPRO TROJAN FormBook CnC Checkin (POST) (trojan.rules)


[---]  Disabled and modified rules:  [---]

 2020757 - ET MALWARE Windows executable sent when remote host claims to
send an image M2 (malware.rules)
 2023750 - ET MALWARE Windows executable sent when remote host claims to
send an image M3 (malware.rules)


[---]         Disabled rules:        [---]

 2002996 - ET WEB_SPECIFIC_APPS GeekLog Remote File Include Vulnerability
(web_specific_apps.rules)
 2003132 - ET TROJAN BOT - potential DDoS command (2) (trojan.rules)
 2004022 - ET WEB_SPECIFIC_APPS AlstraSoft E-Friends SQL Injection Attempt
-- index.php pack UPDATE (web_specific_apps.rules)
 2004089 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id SELECT (web_specific_apps.rules)
 2004090 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id UNION SELECT (web_specific_apps.rules)
 2004091 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id INSERT (web_specific_apps.rules)
 2004092 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id DELETE (web_specific_apps.rules)
 2004093 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id ASCII (web_specific_apps.rules)
 2004094 - ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt --
index.php form_id UPDATE (web_specific_apps.rules)
 2004116 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid SELECT (web_specific_apps.rules)
 2004117 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid UNION SELECT (web_specific_apps.rules)
 2004118 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid INSERT (web_specific_apps.rules)
 2004119 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid DELETE (web_specific_apps.rules)
 2004120 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid ASCII (web_specific_apps.rules)
 2004121 - ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt --
index.php catid UPDATE (web_specific_apps.rules)
 2004122 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna SELECT (web_specific_apps.rules)
 2004123 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna UNION SELECT (web_specific_apps.rules)
 2004124 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna INSERT (web_specific_apps.rules)
 2004125 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna DELETE (web_specific_apps.rules)
 2004126 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna ASCII (web_specific_apps.rules)
 2004127 - ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt --
index.php kolumna UPDATE (web_specific_apps.rules)
 2004409 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt SELECT (web_specific_apps.rules)
 2004410 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt UNION SELECT (web_specific_apps.rules)
 2004411 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt INSERT (web_specific_apps.rules)
 2004412 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt DELETE (web_specific_apps.rules)
 2004413 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt ASCII (web_specific_apps.rules)
 2004414 - ET WEB_SPECIFIC_APPS Links Management Application SQL Injection
Attempt -- index.php lcnt UPDATE (web_specific_apps.rules)
 2004606 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c SELECT (web_specific_apps.rules)
 2004607 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c UNION SELECT (web_specific_apps.rules)
 2004608 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c INSERT (web_specific_apps.rules)
 2004609 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c DELETE (web_specific_apps.rules)
 2004610 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c ASCII (web_specific_apps.rules)
 2004611 - ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php
c UPDATE (web_specific_apps.rules)
 2004660 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria SELECT (web_specific_apps.rules)
 2004661 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria UNION SELECT (web_specific_apps.rules)
 2004662 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria INSERT (web_specific_apps.rules)
 2004663 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria DELETE (web_specific_apps.rules)
 2004664 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria ASCII (web_specific_apps.rules)
 2004665 - ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection
Attempt -- index.php categoria UPDATE (web_specific_apps.rules)
 2004689 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id SELECT (web_specific_apps.rules)
 2004690 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id UNION SELECT (web_specific_apps.rules)
 2004691 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id INSERT (web_specific_apps.rules)
 2004692 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id DELETE (web_specific_apps.rules)
 2004693 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id ASCII (web_specific_apps.rules)
 2004694 - ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php
member_id UPDATE (web_specific_apps.rules)
 2004713 - ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt --
index.php p_skin INSERT (web_specific_apps.rules)
 2005087 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection
Attempt -- index.php qid SELECT (web_specific_apps.rules)
 2005111 - ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection
Attempt -- index.php catid SELECT (web_specific_apps.rules)
 2005135 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow SELECT (web_specific_apps.rules)
 2005136 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow UNION SELECT (web_specific_apps.rules)
 2005137 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow INSERT (web_specific_apps.rules)
 2005138 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow DELETE (web_specific_apps.rules)
 2005139 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow ASCII (web_specific_apps.rules)
 2005140 - ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt --
index.php startrow UPDATE (web_specific_apps.rules)
 2005518 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps SELECT (web_specific_apps.rules)
 2005519 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps UNION SELECT (web_specific_apps.rules)
 2005520 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps INSERT (web_specific_apps.rules)
 2005521 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps DELETE (web_specific_apps.rules)
 2005522 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps ASCII (web_specific_apps.rules)
 2005523 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php ps UPDATE (web_specific_apps.rules)
 2005524 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us SELECT (web_specific_apps.rules)
 2005525 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us UNION SELECT (web_specific_apps.rules)
 2005526 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us INSERT (web_specific_apps.rules)
 2005527 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us DELETE (web_specific_apps.rules)
 2005528 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us ASCII (web_specific_apps.rules)
 2005529 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php us UPDATE (web_specific_apps.rules)
 2005530 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php f SELECT (web_specific_apps.rules)
 2005531 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php f UNION SELECT (web_specific_apps.rules)
 2005532 - ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt --
index.php f INSERT (web_specific_apps.rules)
 2005772 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang SELECT (web_specific_apps.rules)
 2005773 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang UNION SELECT (web_specific_apps.rules)
 2005774 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang INSERT (web_specific_apps.rules)
 2005775 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang DELETE (web_specific_apps.rules)
 2005776 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang ASCII (web_specific_apps.rules)
 2005777 - ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt --
index.php lang UPDATE (web_specific_apps.rules)
 2006400 - ET TROJAN Downloader.26001 Url Pattern Detected (trojan.rules)
 2006405 - ET TROJAN Proxy.Win32.Agent.mx CnC Beacon (trojan.rules)
 2006406 - ET TROJAN Proxy.Win32.Agent.mx (2) (trojan.rules)
 2006528 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID SELECT (web_specific_apps.rules)
 2006529 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID UNION SELECT (web_specific_apps.rules)
 2006530 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID INSERT (web_specific_apps.rules)
 2006531 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID DELETE (web_specific_apps.rules)
 2006532 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID ASCII (web_specific_apps.rules)
 2006533 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Client_ID UPDATE (web_specific_apps.rules)
 2006534 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID SELECT (web_specific_apps.rules)
 2006535 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID UNION SELECT (web_specific_apps.rules)
 2006536 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID INSERT (web_specific_apps.rules)
 2006537 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID DELETE (web_specific_apps.rules)
 2006538 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID ASCII (web_specific_apps.rules)
 2006539 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Invoice_ID UPDATE (web_specific_apps.rules)
 2006540 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID SELECT (web_specific_apps.rules)
 2006541 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID UNION SELECT (web_specific_apps.rules)
 2006542 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID INSERT (web_specific_apps.rules)
 2006543 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID DELETE (web_specific_apps.rules)
 2006544 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID ASCII (web_specific_apps.rules)
 2006545 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt --
index.php Vendor_ID UPDATE (web_specific_apps.rules)
 2006675 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img SELECT (web_specific_apps.rules)
 2006676 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img UNION SELECT (web_specific_apps.rules)
 2006677 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img INSERT (web_specific_apps.rules)
 2006678 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img DELETE (web_specific_apps.rules)
 2006679 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img ASCII (web_specific_apps.rules)
 2006680 - ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt --
index.php img UPDATE (web_specific_apps.rules)
 2007703 - ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt
(web_client.rules)
 2007776 - ET TROJAN Krunchy/BZub HTTP POST Update (trojan.rules)
 2007889 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability
graph_view graph_list UNION SELECT (web_specific_apps.rules)
 2007890 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability
graph_view graph_list INSERT (web_specific_apps.rules)
 2007891 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability
graph_view graph_list DELETE (web_specific_apps.rules)
 2007892 - ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability
graph_view graph_list UPDATE (web_specific_apps.rules)
 2007966 - ET TROJAN Win32.Inject.zy Checkin Post (trojan.rules)
 2008220 - ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin
Response from Server (trojan.rules)
 2008366 - ET TROJAN LD Pinch Checkin (HTTP POST on port 82) (trojan.rules)
 2008412 - ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin
(trojan.rules)
 2008434 - ET TROJAN Coreflood/AFcore Trojan Infection (trojan.rules)
 2008439 - ET WEB_SPECIFIC_APPS AlstraSoft Affiliate Network Pro (pgm)
Parameter SQL Injection (web_specific_apps.rules)
 2008661 - ET TROJAN Zbot/Zeus HTTP POST (trojan.rules)
 2008874 - ET WEB_SPECIFIC_APPS PHPStore Yahoo Answers id parameter SQL
Injection (web_specific_apps.rules)
 2008891 - ET TROJAN MEREDROP/micr0s0fts.cn Related Checkin (trojan.rules)
 2009553 - ET TROJAN FAKE/ROGUE AV Encoded data= HTTP POST (trojan.rules)
 2009977 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL
Injection Vulnerability (web_specific_apps.rules)
 2009979 - ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL
Injection Vulnerability (web_specific_apps.rules)
 2010223 - ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class
mosConfig_absolute_path Remote File Inclusion Attempt
(web_specific_apps.rules)
 2010337 - ET TROJAN FakeAV Reporting - POST often to
resolution|borders.php (trojan.rules)
 2010687 - ET WEB_SERVER HP OpenView Network Node Manager Snmp.exe CGI
Buffer Overflow Attempt (web_server.rules)
 2010881 - ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile
Obfuscation Attempt (web_client.rules)
 2010970 - ET WEB_SERVER HP OpenView Network Node Manager OvWebHelp.exe
Heap Buffer Overflow Attempt (web_server.rules)
 2011012 - ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden
Read/Write Community String ILMI (snmp.rules)
 2011015 - ET WEB_SERVER Possible Sun Microsystems Sun Java System Web
Server Remote File Disclosure Attempt (web_server.rules)
 2011196 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager
Getnnmdata.exe Invalid ICount Remote Code Execution Attempt
(web_specific_apps.rules)
 2011197 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager
Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt
(web_specific_apps.rules)
 2011198 - ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager
Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt
(web_specific_apps.rules)
 2011400 - ET TROJAN Yoyo-DDoS Bot Execute SYN Flood Command Message From
CnC Server (trojan.rules)
 2011506 - ET WEB_CLIENT PDF With eval Function - Possibly Hostile
(web_client.rules)
 2011994 - ET FTP ProFTPD Backdoor Inbound Backdoor Open Request
(ACIDBITCHEZ) (ftp.rules)
 2012051 - ET TFTP TFTPGUI Long Transport Mode Buffer Overflow (tftp.rules)
 2012063 - ET EXPLOIT Microsoft SRV2.SYS SMB Negotiate ProcessID Function
Table Dereference (CVE-2009-3103) (exploit.rules)
 2012682 - ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer
Overflow 1 (exploit.rules)
 2012683 - ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer
Overflow 2 (exploit.rules)
 2100258 - GPL DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
 2101199 - GPL WEB_SERVER Compaq Insight directory traversal
(web_server.rules)
 2101941 - GPL TFTP GET filename overflow attempt (tftp.rules)
 2101945 - GPL WEB_SERVER unicode directory traversal attempt
(web_server.rules)
 2101987 - GPL EXPLOIT xfs overflow attempt (exploit.rules)
 2102092 - GPL EXPLOIT portmap proxy integer overflow attempt UDP
(exploit.rules)
 2800607 - ETPRO EXPLOIT Novell NetMail IMAP Command Parsing Buffer
Overflow (exploit.rules)
 2800612 - ETPRO EXPLOIT Ipswitch WS_FTP Server FTP Commands Buffer
Overflow (exploit.rules)
 2800613 - ETPRO EXPLOIT Ipswitch WS_FTP Server FTP Commands Buffer
Overflow (XMD5) (exploit.rules)
 2800628 - ETPRO EXPLOIT 3Com TFTP Server Transporting Mode Remote Buffer
Overflow Metasploit Exploit Detected against XPSP2  (exploit.rules)
 2800635 - ETPRO DOS CA eTrust Intrusion Detection Encryption Key Handling
Denial of Service (dos.rules)
 2800636 - ETPRO DOS CA eTrust Intrusion Detection Encryption Key Handling
Denial of Service - 2 (dos.rules)
 2800777 - ETPRO MISC MDaemon Content Filter Directory Traversal
Vulnerability (misc.rules)
 2800799 - ETPRO DOS OpenLDAP Modrdn RDN NULL String Denial of Service
Attempt (dos.rules)
 2800823 - ETPRO TROJAN Backdoor.Win32.Mexbank.A Checkin Response
(trojan.rules)
 2800841 - ETPRO WEB_CLIENT Adobe Shockwave Director pamm Chunk Memory
Corruption (web_client.rules)
 2800845 - ETPRO WEB_CLIENT RealNetworks RealPlayer CDDA URI Uninitialized
Pointer Code Execution (web_client.rules)
 2800909 - ETPRO WEB_CLIENT Adobe Reader printSeps Memory Corruption
(web_client.rules)
 2800930 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer
Overflow (exploit.rules)
 2800931 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer
Overflow (exploit.rules)
 2800977 - ETPRO SMTP Exim string_format Remote Code Execution Attempt
(smtp.rules)


[---]         Removed rules:         [---]

 2008438 - ET INFO Possible Windows executable sent when remote host claims
to send a Text File (info.rules)
 2009897 - ET MALWARE Possible Windows executable sent when remote host
claims to send html content (malware.rules)
 2022874 - ET INFO Windows Executable Sent When Remote Host Claims to Send
a RAR Archive (info.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>