[Emerging-updates] Daily Ruleset Update Summary 2017/04/28

Travis Green tgreen at emergingthreats.net
Fri Apr 28 17:41:29 EDT 2017


[***]            Summary:            [***]

21 new Pro. Carbanak XOR Encoded Meterpreter, Various Phishing, Various
Mobile


[+++]          Added rules:          [+++]

Pro:

 2826160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 1) (trojan.rules)
 2826161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 2) (trojan.rules)
 2826162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 3) (trojan.rules)
 2826163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 4) (trojan.rules)
 2826164 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 5) (trojan.rules)
 2826165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 6) (trojan.rules)
 2826166 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 7) (trojan.rules)
 2826167 - ETPRO TROJAN Possible Carbanak XOR Encoded Meterpreter
(metsrv.dll) (trojan.rules)
 2826168 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 83
(mobile_malware.rules)
 2826169 - ETPRO TROJAN DNS Query to Sage Domain (xcvkjet . com)
(trojan.rules)
 2826170 - ETPRO TROJAN DNS Query to Cerber Domain (1nprob . top)
(trojan.rules)
 2826171 - ETPRO TROJAN DNS Query to Cerber Domain (1fygsg . top)
(trojan.rules)
 2826172 - ETPRO TROJAN DNS Query to Cerber Domain (1kyjw7 . top)
(trojan.rules)
 2826173 - ETPRO TROJAN DNS Query to Cerber Domain (1mwvgh . top)
(trojan.rules)
 2826176 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy CnC Beacon
(mobile_malware.rules)
 2826177 - ETPRO MOBILE_MALWARE Android Unknown Trojan-Spy Contact Exfil
(mobile_malware.rules)
 2826178 - ETPRO TROJAN Cobalt Strike Malleable C2 Amazon Profile
(trojan.rules)
 2826179 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Apr 28 2017
(current_events.rules)
 2826180 - ETPRO CURRENT_EVENTS Successful DHL Phish Apr 28 2017
(current_events.rules)
 2826181 - ETPRO CURRENT_EVENTS Successful UK Gov Tax Refund Phish Apr 28
2017 (current_events.rules)
 2826182 - ETPRO CURRENT_EVENTS Successful Verified by VISA Phish Apr 28
2017 (current_events.rules)


[///]     Modified active rules:     [///]

 2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure
vulnerability (web_server.rules)
 2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure
vulnerability (web_server.rules)
 2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure
vulnerability (web_server.rules)
 2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure
vulnerability (web_server.rules)
 2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure
vulnerability (web_server.rules)
 2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source disclosure
vulnerability (web_server.rules)
 2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure
vulnerability (web_server.rules)
 2012312 - ET TROJAN Generic Trojan with /? and Indy Library User-Agent
(trojan.rules)
 2014934 - ET CURRENT_EVENTS FoxxySoftware - Landing Page
(current_events.rules)
 2024173 - ET TROJAN Red Leaves magic packet detected (APT10 implant)
(trojan.rules)
 2024174 - ET TROJAN Red Leaves magic packet response detected (APT10
implant) (trojan.rules)


[---]         Disabled rules:        [---]

 2800006 - ETPRO EXPLOIT CVS Argumentx Command Double Free Vulnerability
(exploit.rules)
 2800028 - ETPRO EXPLOIT MySQL CREATE FUNCTION libc Arbitrary Code
Execution (exploit.rules)
 2800035 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Universal Agent
Buffer Overflow (exploit.rules)
 2800037 - ETPRO EXPLOIT CVS Annotate Command Long Revision String Buffer
Overflow (exploit.rules)
 2800041 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
1 (netbios.rules)
 2800042 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
2 (netbios.rules)
 2800043 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
3 (netbios.rules)
 2800044 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
4 (netbios.rules)
 2800045 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
5 (netbios.rules)
 2800046 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
6 (netbios.rules)
 2800047 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
7 (netbios.rules)
 2800048 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
8 (netbios.rules)
 2800049 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
9 (netbios.rules)
 2800050 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
10 (netbios.rules)
 2800051 - ETPRO NETBIOS Microsoft Windows Message Queuing Buffer Overflow
11 (netbios.rules)
 2800054 - ETPRO EXPLOIT Novell ZENworks Remote Management Buffer Overflow
(exploit.rules)
 2800059 - ETPRO EXPLOIT Veritas Backup Exec Agent CONNECT_CLIENT_AUTH
Buffer Overflow (exploit.rules)
 2800060 - ETPRO EXPLOIT Veritas Backup Exec Server Remote Registry Access
(exploit.rules)
 2800061 - ETPRO EXPLOIT Veritas Backup Exec Server Remote Registry Access
(exploit.rules)
 2800067 - ETPRO EXPLOIT CA Multiple Products Console Server Login
Credentials Handling Buffer Overflow 1 (exploit.rules)
 2800068 - ETPRO EXPLOIT CA Multiple Products Console Server Login
Credentials Handling Buffer Overflow 2 (exploit.rules)
 2800069 - ETPRO EXPLOIT CA Multiple Products Console Server Login
Credentials Handling Buffer Overflow 3 (exploit.rules)
 2800070 - ETPRO EXPLOIT CA Multiple Products Console Server Login
Credentials Handling Buffer Overflow 4 (exploit.rules)
 2800072 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial
of Service 1 (dos.rules)
 2800073 - ETPRO DOS Linux Kernel NetFilter SCTP Unknown Chunk Types Denial
of Service 2 (dos.rules)
 2800104 - ETPRO IMAP Ipswitch IMail Server IMAP SEARCH Command Date String
Stack Overflow (imap.rules)
 2800125 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
NTF_SetPagerNotifyConfig Buffer Overflow 1 (exploit.rules)
 2800126 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
NTF_SetPagerNotifyConfig Buffer Overflow (exploit.rules)
 2800127 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 1 (exploit.rules)
 2800128 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 2 (exploit.rules)
 2800129 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 3 (exploit.rules)
 2800130 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 4 (exploit.rules)
 2800131 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 5 (exploit.rules)
 2800132 - ETPRO EXPLOIT Trend Micro ServerProtect RPCFN Engine RPC Buffer
Overflows 6 (exploit.rules)
 2800133 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
RPCFN_CMON_SetSvcImpersonateUser Buffer Overflow (exploit.rules)
 2800134 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
RPCFN_CMON_SetSvcImpersonateUser Buffer Overflow 2 (exploit.rules)
 2800135 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer
Overflows 1 (exploit.rules)
 2800136 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer
Overflows 2 (exploit.rules)
 2800137 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer
Overflows 3 (exploit.rules)
 2800138 - ETPRO EXPLOIT Trend Micro ServerProtect SPNT Engine RPC Buffer
Overflows 4 (exploit.rules)
 2800139 - ETPRO EXPLOIT Trend Micro ServerProtect EarthAgent RPC
RPCFN_CopyAUSrc Buffer Overflow 1 (exploit.rules)
 2800140 - ETPRO EXPLOIT Trend Micro ServerProtect EarthAgent RPC
RPCFN_CopyAUSrc Buffer Overflow 2 (exploit.rules)
 2800142 - ETPRO EXPLOIT Motorola Timbuktu Crafted Login Request Buffer
Overflow 1 (exploit.rules)
 2800143 - ETPRO EXPLOIT Motorola Timbuktu Crafted Login Request Buffer
Overflow 2 (exploit.rules)
 2800149 - ETPRO EXPLOIT Trend Micro ServerProtect TMregChange Stack
Overflow (exploit.rules)
 2800154 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 1 (exploit.rules)
 2800155 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 2 (exploit.rules)
 2800156 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 3 (exploit.rules)
 2800157 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 4 (exploit.rules)
 2800158 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 5 (exploit.rules)
 2800159 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 6 (exploit.rules)
 2800160 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 7 (exploit.rules)
 2800161 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 8 (exploit.rules)
 2800162 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 9 (exploit.rules)
 2800163 - ETPRO EXPLOIT CA ARCserve Backup for Laptops and Desktops
LGServer Multiple Buffer Overflows 10 (exploit.rules)
 2800164 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer
Authentication Password Buffer Overflow (exploit.rules)
 2800165 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer
Authentication Password Buffer Overflow (exploit.rules)
 2800166 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer
Authentication Username Overflow (exploit.rules)
 2800167 - ETPRO EXPLOIT CA BrightStor ARCServe Backup LGServer Arbitrary
File Upload (exploit.rules)
 2800168 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack
Overflow 1 (exploit.rules)
 2800169 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack
Overflow 2 (exploit.rules)
 2800170 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack
Overflow 3 (exploit.rules)
 2800171 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Stack
Overflow 4 (exploit.rules)
 2800172 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 1 (exploit.rules)
 2800173 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 2 (exploit.rules)
 2800174 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 3 (exploit.rules)
 2800175 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 4 (exploit.rules)
 2800176 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 5 (exploit.rules)
 2800177 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 6 (exploit.rules)
 2800178 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 7 (exploit.rules)
 2800179 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 8 (exploit.rules)
 2800180 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 9 (exploit.rules)
 2800181 - ETPRO EXPLOIT CA Multiple Products DBASVR RPC Server Crafted
Pointer Buffer Overflow 10 (exploit.rules)
 2800182 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine
Insecure Method Exposure 1 (exploit.rules)
 2800183 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine
Insecure Method Exposure 2 (exploit.rules)
 2800234 - ETPRO EXPLOIT HP OpenView Network Node Manager CGI Application
Buffer Overflow (exploit.rules)
 2800236 - ETPRO NETBIOS Samba Domain Controller Service Crafted Mailslot
Name Buffer Overflow (netbios.rules)
 2800244 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind
Little (netbios.rules)
 2800245 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String
Buffer Overflow 1 (netbios.rules)
 2800246 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String
Buffer Overflow 2 (netbios.rules)
 2800247 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String
Buffer Overflow 3 (netbios.rules)
 2800281 - ETPRO EXPLOIT Citrix Systems Multiple Products IMA Service
Buffer Overflow (exploit.rules)
 2800282 - ETPRO EXPLOIT Nullsoft Winamp Ultravox Streaming Metadata
Parsing Stack Buffer Overflow 1 (exploit.rules)
 2800283 - ETPRO EXPLOIT Nullsoft Winamp Ultravox Streaming Metadata
Parsing Stack Buffer Overflow 2 (exploit.rules)
 2800284 - ETPRO EXPLOIT Firebird Database Server Username Handling Buffer
Overflow (exploit.rules)
 2800295 - ETPRO EXPLOIT Symantec VERITAS Storage Foundation Administrator
Service Buffer Overflow (exploit.rules)
 2800313 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log
Handling Format String Vulnerability 1 (exploit.rules)
 2800314 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log
Handling Format String Vulnerability 2 (exploit.rules)
 2800315 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Framework Services Log
Handling Format String Vulnerability 3 (exploit.rules)
 2800316 - ETPRO IMAP Alt-N MDaemon IMAP Server FETCH Command Buffer
Overflow (imap.rules)
 2800325 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String
Buffer Overflow 1 (exploit.rules)
 2800326 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String
Buffer Overflow 2 (exploit.rules)
 2800327 - ETPRO EXPLOIT GNOME Project libxslt Library RC4 Key String
Buffer Overflow 3 (exploit.rules)
 2800343 - ETPRO EXPLOIT Symantec Veritas Storage Foundation Scheduler
Service NULL Session Authentication Bypass (exploit.rules)
 2800356 - ETPRO EXPLOIT Trend Micro OfficeScan Server cgiRecvFile Buffer
Overflow (exploit.rules)
 2800357 - ETPRO EXPLOIT IBM DB2 Universal Database XML Query Buffer
Overflow (exploit.rules)
 2800379 - ETPRO EXPLOIT Sun Solstice AdminSuite sadmind service
adm_build_path Buffer Overflow high ports (exploit.rules)
 2800382 - ETPRO EXPLOIT Trend Micro OfficeScan Multiple CGI Modules HTTP
Form Processing Buffer Overflow (exploit.rules)
 2800394 - ETPRO EXPLOIT Apple CUPS PNG Filter Overly Large Image Height
Integer Overflow 1 (exploit.rules)
 2800395 - ETPRO EXPLOIT Apple CUPS PNG Filter Overly Large Image Height
Integer Overflow 2 (exploit.rules)
 2800396 - ETPRO CHAT Cerulean Studios Trillian Image Filename XML Tag
Stack Buffer Overflow (chat.rules)
 2800397 - ETPRO CHAT Cerulean Studios Trillian AIM XML Tag Handling Heap
Buffer Overflow (chat.rules)
 2800412 - ETPRO EXPLOIT Oracle Secure Backup NDMP Packet Handling Multiple
Memory Corruption 1 (exploit.rules)
 2800413 - ETPRO EXPLOIT Oracle Secure Backup NDMP Packet Handling Multiple
Memory Corruption 2 (exploit.rules)
 2800415 - ETPRO ACTIVEX AXIS Communications Camera Control image_pan_tilt
Buffer Overflow 2 (activex.rules)
 2800420 - ETPRO EXPLOIT UltraVNC VNCViewer Authenticate Buffer Overflow 1
(exploit.rules)
 2800421 - ETPRO EXPLOIT UltraVNC VNCViewer Authenticate Buffer Overflow 2
(exploit.rules)
 2800423 - ETPRO EXPLOIT HP OpenView Network Node Manager ovlaunch HTTP
Request Buffer Overflow (exploit.rules)
 2800425 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web
Loader ActiveX Control Buffer Overflow 2 (activex.rules)
 2800426 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web
Loader ActiveX Control Buffer Overflow 3 (activex.rules)
 2800427 - ETPRO ACTIVEX Research In Motion BlackBerry Application Web
Loader ActiveX Control Buffer Overflow 5 (activex.rules)
 2800433 - ETPRO EXPLOIT IBM Tivoli Storage Manager Express Backup Heap
Corruption 1 (exploit.rules)
 2800434 - ETPRO EXPLOIT IBM Tivoli Storage Manager Express Backup Heap
Corruption 2 (exploit.rules)
 2800437 - ETPRO EXPLOIT IBM Director CIM Server Consumer Name Handling
Denial of Service 1 (exploit.rules)
 2800438 - ETPRO EXPLOIT IBM Director CIM Server Consumer Name Handling
Denial of Service 2 (exploit.rules)
 2800439 - ETPRO EXPLOIT HP OpenView Network Node Manager OvAcceptLang
Parameter Buffer Overflow (exploit.rules)
 2800440 - ETPRO EXPLOIT HP OpenView Network Node Manager OvOSLocale
Parameter Buffer Overflow (exploit.rules)
 2800444 - ETPRO DOS IBM DB2 Database Server CONNECT Request Denial of
Service (dos.rules)
 2800445 - ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of
Service (Published Exploit) (dos.rules)
 2800455 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 1 (exploit.rules)
 2800456 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 2 (exploit.rules)
 2800457 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 3 (exploit.rules)
 2800458 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 4 (exploit.rules)
 2800459 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 5 (exploit.rules)
 2800460 - ETPRO EXPLOIT HP OpenView Network Node Manager ovalarmsrv
Integer Overflow 6 (exploit.rules)
 2800465 - ETPRO EXPLOIT IBM Tivoli Storage Manager Client dsmagent.exe
NodeName Buffer Overflow 1 (exploit.rules)
 2800466 - ETPRO EXPLOIT IBM Tivoli Storage Manager Client dsmagent.exe
NodeName Buffer Overflow 2 (exploit.rules)
 2800467 - ETPRO EXPLOIT IBM Tivoli Storage Manager Agent Client Generic
String Handling Buffer Overflow (exploit.rules)
 2800486 - ETPRO EXPLOIT Unisys Business Information Server Stack Buffer
Overflow (exploit.rules)
 2800487 - ETPRO EXPLOIT HP OpenView Network Node Manager rping Stack
Buffer Overflow 1 (exploit.rules)
 2800488 - ETPRO EXPLOIT HP OpenView Network Node Manager rping Stack
Buffer Overflow 2 (exploit.rules)
 2800491 - ETPRO DOS Firebird SQL op_connect_request Denial of Service
(dos.rules)
 2800496 - ETPRO ACTIVEX Microsoft Windows DHTML Editing Component ActiveX
Control Code Execution (activex.rules)
 2800497 - ETPRO ACTIVEX Microsoft Windows DHTML Editing Component ActiveX
Control Code Execution (activex.rules)
 2800499 - ETPRO DOS FreeRADIUS RADIUS Server rad_decode Remote Denial of
Service (dos.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>