[Emerging-updates] Daily Ruleset Update Summary 2017/05/02

Travis Green tgreen at emergingthreats.net
Tue May 2 18:17:20 EDT 2017


[***]            Summary:            [***]

12 new Pro. AutoIT RMS Dropper, Various Mobile.


[+++]          Added rules:          [+++]

 2826203 - ETPRO TROJAN Trojan/AutoIT RMS Dropper Checkin (trojan.rules)
 2826204 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Hellospy.a CnC Beacon (mobile_malware.rules)
 2826205 - ETPRO TROJAN Possible Linux.Shishiga HTTP Fake 404 Response (trojan.rules)
 2826206 - ETPRO TROJAN Unknown Stealer Checkin (trojan.rules)
 2826207 - ETPRO TROJAN SMSDocu SSL Cert (trojan.rules)
 2826208 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FS CnC Beacon 2 (mobile_malware.rules)
 2826209 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP (mobile_malware.rules)
 2826210 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ey Reporting via SMTP (mobile_malware.rules)
 2826211 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP (mobile_malware.rules)
 2826212 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 (mobile_malware.rules)
 2826213 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP (mobile_malware.rules)
 2826214 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.es Reporting via SMTP (mobile_malware.rules)


[///]     Modified active rules:     [///]

 2018321 - ET TROJAN Saker UA (trojan.rules)
 2022506 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound (exploit.rules)
 2022515 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2 (exploit.rules)
 2022516 - ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 3 (exploit.rules)


[---]         Disabled rules:        [---]

 2800030 - ETPRO TELNET Multiple Vendor Telnet Client LINEMODE Buffer Overflow (telnet.rules)
 2800031 - ETPRO TELNET Multiple Vendor Telnet Client env_opt_add Buffer Overflow (telnet.rules)
 2800040 - ETPRO WEB_SPECIFIC_APPS MailEnable HTTP Authorization Header Buffer Overflow (web_specific_apps.rules)
 2800055 - ETPRO SMTP Ipswitch IMail IMAP LOGIN Command Buffer Overflow (smtp.rules)
 2800056 - ETPRO SMTP MailEnable SMTP Authentication Buffer Overflow (smtp.rules)
 2800058 - ETPRO TELNET Microsoft Telnet Client Information Disclosure (telnet.rules)
 2800062 - ETPRO SMTP Microsoft Exchange Server iCal Properties Handling Denial of Service (smtp.rules)
 2800074 - ETPRO WEB_CLIENT Microsoft Visio Version Number Handling Code Execution Vulnerability (web_client.rules)
 2800091 - ETPRO RPC MIT Kerberos kadmind RPC Library Uninitialized Pointer Code Execution (rpc.rules)
 2800115 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
 2800116 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
 2800145 - ETPRO RPC MIT Kerberos kadmind RPC Library RPCSEC_GSS Authentication Buffer Overflow (rpc.rules)
 2800146 - ETPRO WEB_CLIENT Microsoft Visual Basic 6.0 VBP Project File request (vbp) (web_client.rules)
 2800147 - ETPRO WEB_CLIENT Microsoft Visual Basic 6.0 VBP Project File Handling Buffer Overflow Attempt (web_client.rules)
 2800150 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Download HTTP (web_client.rules)
 2800151 - ETPRO WEB_CLIENT Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution (web_client.rules)
 2800192 - ETPRO WEB_CLIENT RealNetworks RealPlayer MP3 Files Processing Buffer Overflow (web_client.rules)
 2800193 - ETPRO WEB_CLIENT RealPlayer RA file processing overflow attempt (web_client.rules)
 2800194 - ETPRO WEB_CLIENT RealPlayer RealMedia file format heap corruption attempt (web_client.rules)
 2800195 - ETPRO SQL Oracle Database SYS.LT.FINDRICSET SQL Injection (sql.rules)
 2800196 - ETPRO WEB_CLIENT Apple QuickTime mov Download (web_client.rules)
 2800197 - ETPRO WEB_CLIENT Apple QuickTime moov Download (web_client.rules)
 2800198 - ETPRO WEB_CLIENT Apple QuickTime STSD Atoms Handling Heap Overflow (web_client.rules)
 2800207 - ETPRO WEB_CLIENT Apple QuickTime qt Download (web_client.rules)
 2800208 - ETPRO WEB_CLIENT Apple QuickTime Panorama Sample Atoms Movie File Handling Buffer Overflow (web_client.rules)
 2800209 - ETPRO SQL Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow (sql.rules)
 2800210 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 1 (web_client.rules)
 2800211 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 2 (web_client.rules)
 2800212 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 3 (web_client.rules)
 2800213 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 4 (web_client.rules)
 2800214 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 5 (web_client.rules)
 2800215 - ETPRO WEB_CLIENT FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow 6 (web_client.rules)
 2800222 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 1 (web_client.rules)
 2800223 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 2 (web_client.rules)
 2800224 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow 3 (web_client.rules)
 2800226 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 1 (web_client.rules)
 2800227 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 2 (web_client.rules)
 2800228 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 3 (web_client.rules)
 2800229 - ETPRO WEB_CLIENT FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow 4 (web_client.rules)
 2800232 - ETPRO WEB_CLIENT ACD Systems ACDSee Products XPM Values Section Buffer Overflow (web_client.rules)
 2800233 - ETPRO WEB_CLIENT ACD Systems ACDSee Products XPM Values Section Buffer Overflow (web_client.rules)
 2800235 - ETPRO WEB_CLIENT Skype skype4com URI Handler Remote Heap Corruption (web_client.rules)
 2800237 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 1 (web_client.rules)
 2800238 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 2 (web_client.rules)
 2800239 - ETPRO WEB_CLIENT Microsoft Windows Media Format ASF Parsing Code Execution 3 (web_client.rules)
 2800240 - ETPRO WEB_CLIENT Microsoft DirectX SAMI File Parsing Code Execution (web_client.rules)
 2800248 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 4 (netbios.rules)
 2800249 - ETPRO NETBIOS Microsoft Windows Message Queuing Service RPC Bind Big (netbios.rules)
 2800250 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 5 (netbios.rules)
 2800251 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 6 (netbios.rules)
 2800252 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 7 (netbios.rules)
 2800253 - ETPRO NETBIOS Microsoft Windows Message Queuing Service String Buffer Overflow 8 (netbios.rules)
 2800254 - ETPRO WEB_SERVER Apache mod_imap and mod_imagemap Module Cross-Site Scripting (web_server.rules)
 2800267 - ETPRO SQL MySQL yaSSL SSL Hello Message Buffer Overflow 2 (sql.rules)
 2800270 - ETPRO SQL SAP MaxDB Remote Arbitrary Commands Execution (sql.rules)
 2800285 - ETPRO WEB_CLIENT Microsoft Internet Explorer HTML Rendering Memory Corruption (web_client.rules)
 2800289 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 1 (web_client.rules)
 2800290 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 2 (web_client.rules)
 2800291 - ETPRO WEB_CLIENT Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption 3 (web_client.rules)
 2800302 - ETPRO WEB_CLIENT Sun Java Web Start Request (web_client.rules)
 2800303 - ETPRO WEB_CLIENT Sun Java Web Start Charset Encoding Stack Buffer Overflow (web_client.rules)
 2800312 - ETPRO WEB_SERVER Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow (web_server.rules)
 2800321 - ETPRO VOIP Asterisk Invalid RTP Payload Type Number Memory Corruption 1 (voip.rules)
 2800322 - ETPRO VOIP Asterisk Invalid RTP Payload Type Number Memory Corruption 2 (voip.rules)
 2800362 - ETPRO SCADA DATAC Control RealWin SCADA System Crafted Packet Handling Buffer Overflow (scada.rules)
 2800373 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Bind (netbios.rules)
 2800374 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Request (netbios.rules)
 2800375 - ETPRO NETBIOS Microsoft Windows Internet Printing Service Integer Overflow (netbios.rules)
 2800376 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 1 (netbios.rules)
 2800377 - ETPRO NETBIOS Microsoft Windows SMB Search Request Buffer Overflow 2 (netbios.rules)
 2800385 - ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 1 (web_client.rules)
 2800386 - ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 2 (web_client.rules)
 2800390 - ETPRO WEB_CLIENT VideoLAN VLC Media Player RealText File Buffer Overflow 1 (web_client.rules)
 2800400 - ETPRO WEB_CLIENT Adobe Flash Player for Linux ActionScript ASnative Command Execution (web_client.rules)
 2800401 - ETPRO NETBIOS Samba Root File System Access Security Bypass 1 (netbios.rules)
 2800402 - ETPRO NETBIOS Samba Root File System Access Security Bypass 2 (netbios.rules)
 2800408 - ETPRO WEB_SERVER HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow (web_server.rules)
 2800416 - ETPRO WEB_CLIENT FFmpeg 4xm Request (web_client.rules)
 2800417 - ETPRO WEB_CLIENT FFmpeg 4xm Processing Memory Corruption (web_client.rules)
 2800429 - ETPRO WEB_CLIENT Adobe Multiple Products Embedded JBIG2 Stream Buffer Overflow (web_client.rules)
 2800447 - ETPRO SQL Oracle Application Server 10g OPMN Service Format String Vulnerability (sql.rules)
 2800473 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 1 (web_client.rules)
 2800474 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 2 (web_client.rules)
 2800475 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 3 (web_client.rules)
 2800476 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 4 (web_client.rules)
 2800477 - ETPRO WEB_CLIENT Apple iTunes Protocol Handler Stack Buffer Overflow 5 (web_client.rules)
 2800478 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 1 (web_client.rules)
 2800479 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 2 (web_client.rules)
 2800494 - ETPRO NETBIOS Microsoft Windows SMB Negotiate Request Remote Code Execution 1 (netbios.rules)
 2800495 - ETPRO NETBIOS Microsoft Windows SMB Negotiate Request Remote Code Execution 2 (netbios.rules)
 2800498 - ETPRO VOIP Digium Asterisk IAX2 Call Number Denial Of Service (voip.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>