[Emerging-updates] Daily Ruleset Update Summary 2017/04/26

Travis Green tgreen at emergingthreats.net
Wed Apr 26 18:16:39 EDT 2017


[***]            Summary:            [***]

2 new Open, 24 new Pro (2 + 22). DANDERSPRITZ, Linux.Shishiga, Various Phishing, Various Mobile

Thanks: Kevin Branch, MS-ISAC

[+++]          Added rules:          [+++]

Open:

 2024247 - ET TROJAN Possible DANDERSPRITZ Default HTTP Headers (trojan.rules)
 2024248 - ET TROJAN Possible DANDERSPRITZ HTTP Beacon (trojan.rules)

Pro:

 2826111 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 82 (mobile_malware.rules)
 2826112 - ETPRO MOBILE_MALWARE Android/SMForw.RL Contact Exfil (mobile_malware.rules)
 2826113 - ETPRO CURRENT_EVENTS Successful Administrator Password Reset Phish Apr 26 2017 (current_events.rules)
 2826114 - ETPRO CURRENT_EVENTS Successful Netflix Payment Information Phish Apr 26 2017 (current_events.rules)
 2826115 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M1 Apr 26 2017 (current_events.rules)
 2826116 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M2 Apr 26 2017 (current_events.rules)
 2826117 - ETPRO TROJAN Linux.Shishiga HTTP Checkin (trojan.rules)
 2826118 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 26 2017 (current_events.rules)
 2826119 - ETPRO POLICY DeskShare Desktop Sharing Tool Checkin (policy.rules)
 2826120 - ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com) (trojan.rules)
 2826121 - ETPRO TROJAN DNS Query to Cerber Domain (1c1ajf . top) (trojan.rules)
 2826122 - ETPRO TROJAN DNS Query to Cerber Domain (1nkkem . top) (trojan.rules)
 2826123 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Install Activity (trojan.rules)
 2826124 - ETPRO TROJAN DNS Query to Cerber Domain (17u2yg . top) (trojan.rules)
 2826125 - ETPRO TROJAN DNS Query to Cerber Domain (17m14u . top) (trojan.rules)
 2826126 - ETPRO TROJAN DNS Query to Cerber Domain (1mee2x . top) (trojan.rules)
 2826127 - ETPRO TROJAN DNS Query to Cerber Domain (1g6evx . top) (trojan.rules)
 2826128 - ETPRO TROJAN DNS Query to Cerber Domain (13bi2c . top) (trojan.rules)
 2826129 - ETPRO TROJAN DNS Query to Cerber Domain (1j43kf . top) (trojan.rules)
 2826130 - ETPRO TROJAN DNS Query to Cerber Domain (1evjph . top) (trojan.rules)
 2826131 - ETPRO TROJAN DNS Query to Cerber Domain (1fnjrj . top) (trojan.rules)
 2826132 - ETPRO TROJAN DNS Query to Cerber Domain (14szpx . top) (trojan.rules)


[///]     Modified active rules:     [///]

 2020962 - ET TROJAN CozyDuke APT HTTP Checkin (trojan.rules)
 2814860 - ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) (trojan.rules)
 2815563 - ETPRO CURRENT_EVENTS Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Dec 31 (current_events.rules)


[---]         Disabled rules:        [---]

 2800075 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800076 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800077 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800078 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800079 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800080 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800081 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800082 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800083 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800084 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800085 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800086 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800087 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800088 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
 2800101 - ETPRO ACTIVEX CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (activex.rules)
 2800102 - ETPRO ACTIVEX CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (activex.rules)
 2800117 - ETPRO ACTIVEX Microsoft Internet Explorer ActiveX Object Objectsafety Implementation Code Execution clsid Attempt (activex.rules)
 2800119 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption clsid (activex.rules)
 2800120 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption activex (activex.rules)
 2800121 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption (activex.rules)
 2800141 - ETPRO EXPLOIT RealNetworks Helix DNA Server RTSP Service Heap Overflow (exploit.rules)
 2800148 - ETPRO ACTIVEX Microsoft SQL Server Distributed Management Objects Buffer Overflow (activex.rules)
 2800152 - ETPRO ACTIVEX Microsoft Windows MFC Library FileFind Class Heap Overflow (activex.rules)
 2800190 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 1 (smtp.rules)
 2800191 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 2 (smtp.rules)
 2800216 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 1 (activex.rules)
 2800217 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 2 (activex.rules)
 2800218 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 3 (activex.rules)
 2800219 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 4 (activex.rules)
 2800220 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 5 (activex.rules)
 2800221 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 6 (activex.rules)
 2800231 - ETPRO EXPLOIT Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow 2 (exploit.rules)
 2800258 - ETPRO ACTIVEX HP Software Update Tool ActiveX Control File Overwrite (activex.rules)
 2800259 - ETPRO ACTIVEX HP Software Update Tool ActiveX Control File Overwrite (activex.rules)
 2800271 - ETPRO ACTIVEX Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution 1 (activex.rules)
 2800272 - ETPRO ACTIVEX Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution 2 (activex.rules)
 2800292 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 1 (exploit.rules)
 2800293 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 2 (exploit.rules)
 2800294 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 3 (exploit.rules)
 2800305 - ETPRO ACTIVEX Microsoft Office Web Components URL Parsing Buffer Overflow (activex.rules)
 2800309 - ETPRO ACTIVEX Microsoft Office Web Components DateSource Code Execution 1 (activex.rules)
 2800310 - ETPRO ACTIVEX Microsoft Office Web Components DateSource Code Execution 2 (activex.rules)
 2800317 - ETPRO ACTIVEX CA Multiple Products ActiveX Control Use (activex.rules)
 2800318 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl Use (activex.rules)
 2800319 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow 1 (activex.rules)
 2800320 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow 4 (activex.rules)
 2800345 - ETPRO MALWARE BugsPrey (Init Connection) (malware.rules)
 2800346 - ETPRO MALWARE BugsPrey (Init Connection Reply) (malware.rules)
 2800353 - ETPRO ACTIVEX Microsoft SQL Server 2000 Client Components ActiveX Control Buffer Overflow 1 (activex.rules)
 2800354 - ETPRO ACTIVEX Microsoft SQL Server 2000 Client Components ActiveX Control Buffer Overflow 2 (activex.rules)
 2800358 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX 1 (activex.rules)
 2800359 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX 2 (activex.rules)
 2800360 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX Memory Corruption (activex.rules)
 2800361 - ETPRO TROJAN aSpy v2.12 (trojan.rules)
 2800363 - ETPRO ACTIVEX Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution 1 (activex.rules)
 2800364 - ETPRO ACTIVEX Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution 2 (activex.rules)
 2800383 - ETPRO MALWARE LOST DOOR 3.0 (init connection) (malware.rules)
 2800391 - ETPRO TROJAN SRaT 1.6 Checkin (trojan.rules)
 2800404 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 1 (activex.rules)
 2800405 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 2 (activex.rules)
 2800406 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 3 (activex.rules)
 2800407 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 4 (activex.rules)
 2800418 - ETPRO SMTP Novell Groupwise Internet Agent RCPT Command Buffer Overflow (smtp.rules)
 2800419 - ETPRO EXPLOIT Oracle Application Server Portal Cross Site Scripting (exploit.rules)
 2800430 - ETPRO SQL MySQL XML Functions Scalar XPath Denial of Service (sql.rules)
 2800431 - ETPRO SQL MySQL XML Functions Scalar XPath Denial of Service (sql.rules)
 2800461 - ETPRO WEB_CLIENT Adobe Reader JavaScript getAnnots Method Memory Corruption (web_client.rules)
 2800493 - ETPRO FTP Microsoft Internet Information Services FTP Server Remote Buffer Overflow (ftp.rules)
 2800501 - ETPRO WEB_CLIENT FFmpeg OGV File Format Memory Corruption (web_client.rules)
 2800502 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 1 (activex.rules)
 2800503 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 2 (activex.rules)
 2800504 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 3 (activex.rules)
 2800505 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 4 (activex.rules)
 2800506 - ETPRO ACTIVEX EMC Captiva QuickScan Pro KeyHelp ActiveX Control Buffer Overflow (activex.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>