[Emerging-Sigs] Daily Ruleset Update Summary 2018/01/11

Travis Green tgreen at emergingthreats.net
Thu Jan 11 12:20:41 HST 2018


[***]            Summary:            [***]

1 new Open, 21 new Pro (1 + 12). MSIL/AdFraudClicker, Bitter RAT, Various Phishing.


[+++]          Added rules:          [+++]

Open:

 2025198 - ET TROJAN Bitter RAT HTTP CnC Beacon M2 (trojan.rules)

Pro:

 2829248 - ETPRO TROJAN Possible Meterpreter SSL Certificate (trojan.rules)
 2829249 - ETPRO CURRENT_EVENTS Observed Malicious Windows Installer UA jpg DL (current_events.rules)
 2829250 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-01-11 (current_events.rules)
 2829251 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2018-01-11 (current_events.rules)
 2829252 - ETPRO TROJAN Observed Malicious SSL Cert (Zeus Panda CnC) (trojan.rules)
 2829253 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in DNS Lookup) (trojan.rules)
 2829254 - ETPRO TROJAN Zeus Panda Domain (disithedtse .com in TLS SNI) (trojan.rules)
 2829255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 1) (trojan.rules)
 2829256 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 2) (trojan.rules)
 2829257 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-01-11 3) (trojan.rules)
 2829258 - ETPRO MALWARE Win32/PCKeeper PUP Activity M2 (malware.rules)
 2829259 - ETPRO MALWARE MSIL/AdFraudClicker Activity (malware.rules)


[///]     Modified active rules:     [///]

 2820482 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
 2829182 - ETPRO WEB_CLIENT Weblogic XMLDecoder RCE (CVE-2017-10271) (web_client.rules)


[---]         Disabled rules:        [---]

 2011328 - ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt (exploit.rules)
 2011478 - ET EXPLOIT Possible Microsoft Office Word 2007 sprmCMajority Buffer Overflow Attempt (exploit.rules)
 2011503 - ET EXPLOIT Successful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt (exploit.rules)
 2012045 - ET EXPLOIT VMware Tools Update OS Command Injection Attempt (exploit.rules)
 2012055 - ET EXPLOIT JDownloader Webinterface Source Code Disclosure (exploit.rules)
 2012057 - ET EXPLOIT VMware 2 Web Server Directory Traversal (exploit.rules)
 2012058 - ET EXPLOIT HP LaserJet PLJ Interface Directory Traversal (exploit.rules)
 2012101 - ET EXPLOIT Oracle Virtual Server Agent Command Injection Attempt (exploit.rules)
 2012103 - ET EXPLOIT D-Link bsc_wlan.php Security Bypass (exploit.rules)
 2012154 - ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 1 (exploit.rules)
 2012155 - ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 2 (exploit.rules)
 2012174 - ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow (exploit.rules)
 2800768 - ETPRO EXPLOIT Alt-N MDaemon IMAP Server Authentication Routines Buffer Overflow (LOGIN) (exploit.rules)
 2800779 - ETPRO EXPLOIT VERITAS Backup Exec Agent Arbitrary File Download (exploit.rules)
 2800781 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (exploit.rules)
 2800782 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow (no Item ID list) (exploit.rules)
 2800788 - ETPRO EXPLOIT CA Messaging Queuing Buffer Overflow (exploit.rules)
 2800790 - ETPRO EXPLOIT Alt-N MDaemon IMAP Server Authentication Routines Buffer Overflow CRAM-MD5 (exploit.rules)
 2800842 - ETPRO EXPLOIT IBM Rational Quality Manager and Test Lab Manager Policy Bypass (exploit.rules)
 2800856 - ETPRO EXPLOIT Oracle Java Runtime CMM readMabCurveData Buffer Overflow (exploit.rules)
 2800859 - ETPRO EXPLOIT HP Data Protector Media Operations Null Pointer Deference Denial of Service Request (exploit.rules)
 2800862 - ETPRO EXPLOIT IBM Informix Dynamic Server DBINFO Stack Buffer Overflow (exploit.rules)
 2800870 - ETPRO EXPLOIT Microsoft Office PowerPoint Integer Underflow (exploit.rules)
 2800880 - ETPRO EXPLOIT Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow Big Endian (exploit.rules)
 2800882 - ETPRO EXPLOIT Adobe Shockwave Player Lnam Chunk offset 24 Processing Buffer Overflow Little Endian (exploit.rules)
 2800942 - ETPRO EXPLOIT Microsoft Forefront Unified Access Gateway Signurl.asp Cross-Site Scripting (exploit.rules)
 2800956 - ETPRO EXPLOIT HP Data Protector Manager MMD Service Stack Buffer Overflow (exploit.rules)
 2800960 - ETPRO EXPLOIT HP Data Protector OmniInet Service NULL Dereference Denial of Service (exploit.rules)
 2800961 - ETPRO EXPLOIT HP Data Protector OmniInet Service NULL Dereference Denial of Service (exploit.rules)
 2801178 - ETPRO EXPLOIT Microsoft IIS FTP Server Telnet IAC Buffer Overflow (exploit.rules)
 2801242 - ETPRO EXPLOIT CA ARCserve D2D Axis2 Default Credentials (exploit.rules)
 2801244 - ETPRO EXPLOIT CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (exploit.rules)
 2801257 - ETPRO EXPLOIT Microsoft Sharepoint Document Conversions Launcher Code Execution (exploit.rules)
 2801272 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN RPC Service Buffer Overflow (exploit.rules)
 2801276 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow (exploit.rules)
 2801278 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe nameParams text1 Buffer Overflow (exploit.rules)
 2801279 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe Template Format String Code Execution (exploit.rules)
 2801307 - ETPRO EXPLOIT HP OpenView Network Node Manager jovgraph.exe displayWidth Buffer Overflow (exploit.rules)
 2801310 - ETPRO EXPLOIT Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow (exploit.rules)
 2801328 - ETPRO EXPLOIT Symantec Alert Management System Pin Number Stack Buffer Overflow (exploit.rules)
 2801337 - ETPRO EXPLOIT Symantec Alert Management System Modem String Stack Buffer Overflow (exploit.rules)
 2801344 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
 2801345 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
 2801346 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
 2801353 - ETPRO EXPLOIT HP OpenView Network Node Manager ovutil.dll stringToSeconds Buffer Overflow (exploit.rules)
 2801391 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)
 2801392 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)
 2801443 - ETPRO EXPLOIT Novell Netware XNFS.NLM Stack Buffer Overflow 1 (exploit.rules)
 2801444 - ETPRO EXPLOIT Novell Netware XNFS.NLM Stack Buffer Overflow 2 (exploit.rules)
 2801445 - ETPRO EXPLOIT RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass (exploit.rules)
 2801622 - ETPRO EXPLOIT Citrix Provisioning Services streamprocess.exe Stack Buffer Overflow (exploit.rules)
 2801679 - ETPRO EXPLOIT EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass (exploit.rules)
 2801877 - ETPRO EXPLOIT Oracle Secure Backup Admin Server index.php preauth Parameter Arbitrary Code Execution (exploit.rules)
 2801878 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php other Parameter Arbitrary Code Execution (exploit.rules)
 2801879 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php objectname Parameter Arbitrary Command Execution (exploit.rules)
 2801886 - ETPRO EXPLOIT HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution (exploit.rules)
 2801904 - ETPRO EXPLOIT Novell iManager ClassName Remote Buffer Overflow (exploit.rules)
 2801952 - ETPRO EXPLOIT Zend Zend Server Java Bridge Remote Code Execution (exploit.rules)
 2801970 - ETPRO EXPLOIT HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow (exploit.rules)
 2802005 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 1 (exploit.rules)
 2802006 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 2 (exploit.rules)
 2802007 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 3 (exploit.rules)
 2802008 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 1 (exploit.rules)
 2802009 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 2 (exploit.rules)
 2802010 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 3 (exploit.rules)
 2802089 - ETPRO EXPLOIT IBM Tivoli Directory Server ibmslapd.exe Integer Overflow (exploit.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>