[Emerging-updates] Daily Ruleset Update Summary 2017/05/11

Travis Green tgreen at emergingthreats.net
Thu May 11 18:14:34 EDT 2017


[***]            Summary:            [***]

3 new Open, 10 new Pro (3 + 7). Jaff Ransomware, FrozrLock Ransomware,
Babylon RAT, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024288 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
 2024289 - ET TROJAN DNS Query to Jaff Domain (fkksjobnn43 . org)
(trojan.rules)
 2024290 - ET TROJAN Jaff Ransomware Checkin M1 (trojan.rules)

Pro:

 2826363 - ETPRO TROJAN MSIL/FrozrLock Ransomware CnC Checkin (trojan.rules)
 2826364 - ETPRO TROJAN Babylon RAT C2 Client Request M2 (trojan.rules)
 2826365 - ETPRO TROJAN Babylon RAT C2 Server Response M2 (trojan.rules)
 2826366 - ETPRO TROJAN Win32/Slingup.A Checkin (trojan.rules)
 2826367 - ETPRO TROJAN Win32/Slingup.A Module Download Request
(trojan.rules)
 2826368 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.JZ SMS/Contact
Exfil (mobile_malware.rules)
 2826369 - ETPRO SCAN IPMI Get Authentication Request (null seq number -
null sessionID) (scan.rules)


[///]     Modified active rules:     [///]

 2821738 - ETPRO TROJAN Babylon RAT C2 Server Response (trojan.rules)


[---]         Disabled rules:        [---]

 2000017 - ET NETBIOS NII Microsoft ASN.1 Library Buffer Overflow Exploit
(netbios.rules)
 2000025 - ET MALWARE Gator Cookie (malware.rules)
 2000032 - ET NETBIOS LSA exploit (netbios.rules)
 2000033 - ET NETBIOS MS04011 Lsasrv.dll RPC exploit (WinXP) (netbios.rules)
 2000046 - ET NETBIOS MS04011 Lsasrv.dll RPC exploit (Win2k) (netbios.rules)
 2000466 - ET MALWARE User-Agent (iexplore) (malware.rules)
 2000514 - ET MALWARE IE homepage hijacking (malware.rules)
 2000520 - ET MALWARE shell browser vulnerability NT/2K (malware.rules)
 2000559 - ET WEB_SERVER THCIISLame IIS SSL Exploit Attempt
(web_server.rules)
 2000580 - ET MALWARE Shop At Home Select.com Install Attempt
(malware.rules)
 2000581 - ET MALWARE Shop At Home Select.com Install Download
(malware.rules)
 2000582 - ET MALWARE F1Organizer Reporting (malware.rules)
 2000583 - ET MALWARE Mindset Interactive Install (1) (malware.rules)
 2000584 - ET MALWARE Mindset Interactive Install (2) (malware.rules)
 2000585 - ET MALWARE F1Organizer Install Attempt (malware.rules)
 2000597 - ET MALWARE Gator New Code Download (malware.rules)
 2000599 - ET MALWARE Fun Web Products Install (malware.rules)
 2000600 - ET MALWARE MyWebSearch Toolbar Receiving Configuration
(malware.rules)
 2000601 - ET MALWARE Salongas Infection (malware.rules)
 2000902 - ET MALWARE MarketScore.com Spyware Configuration Access
(malware.rules)
 2000920 - ET MALWARE Hotbar Install (1) (malware.rules)
 2000921 - ET MALWARE Hotbar Install (2) (malware.rules)
 2000922 - ET MALWARE Hotbar Install (3) (malware.rules)
 2000923 - ET MALWARE Hotbar Agent Reporting Information (malware.rules)
 2000924 - ET MALWARE Hotbar Agent Upgrading (malware.rules)
 2000925 - ET MALWARE Hotbar Agent Partner Checkin (malware.rules)
 2000927 - ET MALWARE ISearchTech.com XXXPornToolbar Reporting
(malware.rules)
 2000929 - ET MALWARE Hotbar Agent Activity (malware.rules)
 2000936 - ET MALWARE FlashTrack Agent Retrieving New App Code
(malware.rules)
 2001013 - ET MALWARE Fun Web Products SmileyCentral (malware.rules)
 2001016 - ET MALWARE SideStep Bar Install (malware.rules)
 2001017 - ET MALWARE SideStep Bar Reporting Data (malware.rules)
 2001038 - ET MALWARE Ebates Install (malware.rules)
 2001055 - ET MISC HP Web JetAdmin ExecuteFile admin access (misc.rules)
 2001066 - ET TROJAN IE Ilookup Trojan (trojan.rules)
 2001218 - ET WEB_SPECIFIC_APPS PHPNuke general XSS attempt
(web_specific_apps.rules)
 2001221 - ET MALWARE F1Organizer Config Download (malware.rules)
 2001224 - ET MALWARE Regnow.com Gamehouse.com Access (malware.rules)
 2001238 - ET WEB_SPECIFIC_APPS Possible Xedus Webserver Directory
Traversal Attempt (web_specific_apps.rules)
 2001307 - ET MALWARE Wild Tangent Agent Installation (malware.rules)
 2001308 - ET MALWARE Internet Optomizer Reporting Data (malware.rules)
 2001309 - ET MALWARE Wild Tangent Agent Checking In (malware.rules)
 2001310 - ET MALWARE Wild Tangent Agent Traffic (malware.rules)
 2001311 - ET MALWARE Rdxrp.com Traffic (malware.rules)
 2001313 - ET MALWARE Traffic Syndicate Add/Remove (malware.rules)
 2001314 - ET MALWARE Wild Tangent Agent (malware.rules)
 2001316 - ET MALWARE Traffic Syndicate Agent Updating (2) (malware.rules)
 2001321 - ET MALWARE Speedera Agent (Specific) (malware.rules)
 2001322 - ET MALWARE Wild Tangent New Install (malware.rules)
 2001335 - ET MALWARE Ezula Installer Download (malware.rules)
 2001340 - ET MALWARE LocalNRD Spyware Checkin (malware.rules)
 2001341 - ET MALWARE OfferOptimizer.com Spyware (malware.rules)
 2001343 - ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization % 5 C
(web_server.rules)
 2001359 - ET MALWARE MarketScore.com Spyware Access (malware.rules)
 2001365 - ET WEB_SERVER Alternate Data Stream source view attempt
(web_server.rules)
 2001396 - ET MALWARE Internet Optimizer Spyware Install (malware.rules)
 2001416 - ET MALWARE E2give Related Reporting Install (malware.rules)
 2001417 - ET MALWARE E2give Related Receiving Config (malware.rules)
 2001423 - ET MALWARE E2give Related Reporting (malware.rules)
 2001442 - ET MALWARE Statblaster.MemoryWatcher Download (malware.rules)
 2001453 - ET MALWARE Couponage Download (malware.rules)
 2001454 - ET MALWARE Couponage Configure (malware.rules)
 2001456 - ET MALWARE ContextPanel Reporting (malware.rules)
 2001460 - ET MALWARE Sexmaniack Install Tracking (malware.rules)
 2001461 - ET MALWARE Xpire.info Multiple Spyware Installs (1)
(malware.rules)
 2001462 - ET MALWARE Xpire.info Multiple Spyware Installs Occuring
(malware.rules)
 2001463 - ET MALWARE Xpire.info Multiple Spyware Installs (2)
(malware.rules)
 2001464 - ET MALWARE Xpire.info Multiple Spyware Installs (3)
(malware.rules)
 2001466 - ET MALWARE Xpire.info Multiple Spyware Installs (4)
(malware.rules)
 2001467 - ET MALWARE Xpire.info Multiple Spyware Installs (5)
(malware.rules)
 2001468 - ET MALWARE Xpire.info Multiple Spyware Installs CHM Exploit
(malware.rules)
 2001469 - ET MALWARE Xpire.info Multiple Spyware Installs (6)
(malware.rules)
 2001470 - ET MALWARE Xpire.info Multiple Spyware Installs (7)
(malware.rules)
 2001471 - ET MALWARE Xpire.info Spyware Exploit (malware.rules)
 2001479 - ET MALWARE Coolsearch Spyware Install (malware.rules)
 2001482 - ET MALWARE thebestsoft4u.com Spyware Install (1) (malware.rules)
 2001484 - ET MALWARE Searchmeup Spyware Install (d.exe) (malware.rules)
 2001485 - ET MALWARE thebestsoft4u.com Spyware Install (2) (malware.rules)
 2001489 - ET MALWARE Spygalaxy.ws Spyware Checkin (malware.rules)
 2001490 - ET MALWARE ICQ-Update.biz Reporting Install (malware.rules)
 2001491 - ET MALWARE Xpire.info Spyware Checkin (malware.rules)
 2001495 - ET MALWARE Outerinfo.com Spyware Install (malware.rules)
 2001503 - ET MALWARE Medialoads.com Spyware Config (malware.rules)
 2001505 - ET MALWARE Smartpops.com Spyware Install rh.exe (malware.rules)
 2001507 - ET MALWARE Medialoads.com Spyware Identifying Country of Origin
(malware.rules)
 2001509 - ET MALWARE Medialoads.com Spyware Reporting (register.cgi)
(malware.rules)
 2001510 - ET MALWARE SurfAssistant.com Spyware Install (malware.rules)
 2001513 - ET MALWARE Smartpops.com Spyware Update (malware.rules)
 2001514 - ET MALWARE SurfAssistant.com Spyware Reporting (malware.rules)
 2001516 - ET MALWARE Smartpops.com Spyware Install (malware.rules)
 2001517 - ET MALWARE Websearch.com Outbound Dialer Retrieval
(malware.rules)
 2001520 - ET MALWARE Spywaremover Activity (malware.rules)
 2001522 - ET MALWARE SpywareLabs Application Install (malware.rules)
 2001525 - ET MALWARE Virtumonde Spyware Code Download mmdom.exe
(malware.rules)
 2001526 - ET MALWARE Virtumonde Spyware Code Download bkinst.exe
(malware.rules)
 2001536 - ET MALWARE Spyspotter.com Install (malware.rules)
 2001537 - ET MALWARE Spyspotter.com Access (malware.rules)
 2001538 - ET MALWARE Oenji.com Install (malware.rules)
 2001539 - ET MALWARE Spyspotter.com Access, Likely Spyware (malware.rules)
 2001541 - ET MALWARE Xpire.info Install Report (malware.rules)
 2001562 - ET MALWARE MarketScore.com Spyware User Configuration and Setup
Access User-Agent (OSSProxy) (malware.rules)
 2001563 - ET MALWARE MarketScore.com Spyware SSL Access (malware.rules)
 2001564 - ET MALWARE MarketScore.com Spyware Proxied Traffic
(malware.rules)
 2001570 - ET MALWARE Spyware Stormer Reporting Data (malware.rules)
 2001571 - ET MALWARE Spyware Stormer/Error Guard Activity (malware.rules)
 2001587 - ET MALWARE MarketScore.com Spyware Upgrading (malware.rules)
 2001588 - ET MALWARE MarketScore.com Spyware Activity (1) (malware.rules)
 2001589 - ET MALWARE MarketScore.com Spyware Activity (2) (malware.rules)
 2001641 - ET MALWARE Microgaming.com Spyware Installation (dlhelper)
(malware.rules)
 2001643 - ET MALWARE Microgaming.com Spyware Installation (2)
(malware.rules)
 2001644 - ET MALWARE Microgaming.com Spyware Reporting Installation
(malware.rules)
 2001645 - ET MALWARE Microgaming.com Spyware Casino App Install
(malware.rules)
 2001646 - ET MALWARE Toprebates.com Install (1) (malware.rules)
 2001647 - ET MALWARE Toprebates.com Install (2) (malware.rules)
 2001648 - ET MALWARE Toprebates.com User Confirming Membership
(malware.rules)
 2001650 - ET MALWARE Search Scout Related Spyware (content) (malware.rules)
 2001653 - ET MALWARE Search Scout Related Spyware (results) (malware.rules)
 2001656 - ET MALWARE GlobalPhon.com Dialer (malware.rules)
 2001657 - ET MALWARE GlobalPhon.com Dialer Download (malware.rules)
 2001659 - ET MALWARE GlobalPhon.com Dialer (no_pop) (malware.rules)
 2001660 - ET MALWARE GlobalPhon.com Dialer (add_ocx) (malware.rules)
 2001666 - ET MALWARE Metarewards Spyware Activity (malware.rules)
 2001686 - ET WEB_SPECIFIC_APPS Awstats Remote Code Execution Attempt
(web_specific_apps.rules)
 2001696 - ET MALWARE Search Relevancy Spyware (malware.rules)
 2001697 - ET MALWARE ISearchTech Toolbar Data Submission (malware.rules)
 2001700 - ET MALWARE Windupdates.com Spyware Install (malware.rules)
 2001701 - ET MALWARE Windupdates.com Spyware Loggin Data (malware.rules)
 2001705 - ET MALWARE Flingstone Spyware Install (sportsinteraction)
(malware.rules)
 2001708 - ET MALWARE Shop at Home Select Spyware Heartbeat (malware.rules)
 2001710 - ET MALWARE Flingstone Spyware Install (cxtpls) (malware.rules)
 2001711 - ET USER_AGENTS Likely Spambot Web-based Control Traffic
(user_agents.rules)
 2001729 - ET MALWARE Tibsystems Spyware Install (1) (malware.rules)
 2001734 - ET MALWARE Tibsystems Spyware Install (2) (malware.rules)
 2001747 - ET MALWARE My-Stats.com Spyware Checkin (malware.rules)
 2001748 - ET MALWARE Pynix.dll BHO Activity (malware.rules)
 2001793 - ET MALWARE Incredisearch.com Spyware Ping (malware.rules)
 2001794 - ET MALWARE Incredisearch.com Spyware Activity (malware.rules)
 2001895 - ET MALWARE ToolbarPartner Spyware Spambot Retrieving Target
Emails (malware.rules)
 2001901 - ET TROJAN Possible Bobax trojan infection (trojan.rules)
 2001933 - ET TROJAN PWS Banker Trojan Sending Report of Infection
(trojan.rules)
 2001944 - ET NETBIOS MS04-007 Kill-Bill ASN1 exploit attempt
(netbios.rules)
 2001947 - ET MALWARE Zenotecnico Adware (malware.rules)
 2001949 - ET WEB_SPECIFIC_APPS Athena Web Registration Remote Command
Execution Attempt (web_specific_apps.rules)
 2001994 - ET MALWARE SurfSidekick Activity (ipixel) (malware.rules)
 2001997 - ET MALWARE TargetNetworks.net Spyware Reporting (req)
(malware.rules)
 2002000 - ET MALWARE Shopnav Spyware Install (malware.rules)
 2002004 - ET MALWARE Topconverting Spyware Install (malware.rules)
 2002008 - ET MALWARE Wild Tangent Install (malware.rules)
 2002009 - ET MALWARE ESyndicate Spyware Install (esyndicateinst.exe)
(malware.rules)
 2002010 - ET MALWARE ESyndicate Spyware Install (sepinst.exe)
(malware.rules)
 2002012 - ET MALWARE GrandstreetInteractive.com Install (malware.rules)
 2002013 - ET MALWARE GrandstreetInteractive.com Update (malware.rules)
 2002015 - ET MALWARE Internet Fuel.com Install (malware.rules)
 2002016 - ET MALWARE jmnad1.com Spyware Install (2) (malware.rules)
 2002036 - ET MALWARE Weird on the Web /180 Solutions Checkin
(malware.rules)
 2002037 - ET MALWARE Shop at Home Select Spyware Install (malware.rules)
 2002040 - ET MALWARE Topconverting Spyware Reporting (malware.rules)
 2002046 - ET MALWARE TargetNetworks.net Spyware Reporting (tn)
(malware.rules)
 2002066 - ET WEB_SPECIFIC_APPS CSV-DB CSV_DB.CGI Remote Command Execution
Attempt (web_specific_apps.rules)
 2002069 - ET WEB_SPECIFIC_APPS Blog Spam Insert Attempt
(web_specific_apps.rules)
 2002090 - ET MALWARE IEHelp.net Spyware Installer (malware.rules)
 2002091 - ET MALWARE Searchmiracle.com Spyware Install - silent.exe
(malware.rules)
 2002096 - ET MALWARE IEHelp.net Spyware checkin (malware.rules)
 2002100 - ET WEB_SPECIFIC_APPS WPS wps_shop.cgi Remote Command Execution
Attempt (web_specific_apps.rules)
 2002131 - ET WEB_SERVER Oracle Reports XML Information Disclosure
(web_server.rules)
 2002132 - ET WEB_SERVER Oracle Reports DESFORMAT Information Disclosure
(web_server.rules)
 2002133 - ET WEB_SERVER Oracle Reports OS Command Injection Attempt
(web_server.rules)
 2002169 - ET MALWARE iWon Spyware (iWonSearchAssistant) (malware.rules)
 2002175 - ET TROJAN Srv.SSA-KeyLogger Checkin Traffic (trojan.rules)
 2002199 - ET NETBIOS SMB-DS DCERPC PnP HOD bind attempt (netbios.rules)
 2002200 - ET NETBIOS SMB-DS DCERPC PnP bind attempt (netbios.rules)
 2002201 - ET NETBIOS SMB-DS DCERPC PnP QueryResConfList exploit attempt
(netbios.rules)
 2002202 - ET NETBIOS SMB DCERPC PnP bind attempt (netbios.rules)
 2002203 - ET NETBIOS SMB DCERPC PnP QueryResConfList exploit attempt
(netbios.rules)
 2002296 - ET MALWARE Searchfeed.com Spyware 1 (malware.rules)
 2002297 - ET MALWARE Searchfeed.com Spyware 2 (malware.rules)
 2002298 - ET MALWARE Searchfeed.com Spyware 3 (malware.rules)
 2002299 - ET MALWARE Searchfeed.com Spyware 4 (malware.rules)
 2002300 - ET MALWARE Searchfeed.com Spyware 5 (malware.rules)
 2002301 - ET MALWARE Searchfeed.com Spyware 6 (malware.rules)
 2002302 - ET MALWARE Searchfeed.com Spyware 7 (malware.rules)
 2002303 - ET MALWARE Searchfeed.com Spyware 8 (malware.rules)
 2002305 - ET MALWARE Fun Web Products Smileychooser Spyware (malware.rules)
 2002306 - ET MALWARE Fun Web Products Cursorchooser Spyware (malware.rules)
 2002313 - ET WEB_SPECIFIC_APPS Cacti graph_image.php Remote Command
Execution Attempt (web_specific_apps.rules)
 2002314 - ET WEB_SPECIFIC_APPS PHPOutsourcing Zorum prod.php Remote
Command Execution Attempt (web_specific_apps.rules)
 2002317 - ET MALWARE EZSearch Spyware Reporting Search Strings
(malware.rules)
 2002318 - ET MALWARE EZSearch Spyware Reporting Search Category
(malware.rules)
 2002319 - ET MALWARE EZSearch Spyware Reporting 2 (malware.rules)
 2002320 - ET MALWARE Transponder Spyware Activity (malware.rules)
 2002331 - ET WEB_SPECIFIC_APPS Piranha default passwd attempt
(web_specific_apps.rules)
 2002348 - ET MALWARE VPP Technologies Spyware (malware.rules)
 2002350 - ET MALWARE VPP Technologies Spyware Reporting URL (malware.rules)
 2002362 - ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Command
Execution Attempt (web_server.rules)
 2002365 - ET WEB_SERVER HP OpenView Network Node Manager Remote Command
Execution Attempt (web_server.rules)
 2002376 - ET WEB_SERVER IBM Lotus Domino BaseTarget XSS attempt
(web_server.rules)
 2002377 - ET WEB_SERVER IBM Lotus Domino Src XSS attempt (web_server.rules)
 2002394 - ET MALWARE Adwave/MarketScore User-Agent (WTA) (malware.rules)
 2002404 - ET MALWARE Movies-etc User-Agent (IOInstall) (malware.rules)
 2002662 - ET WEB_SPECIFIC_APPS TWiki INCLUDE remote command execution
attempt (web_specific_apps.rules)
 2002667 - ET WEB_SERVER sumthin scan (web_server.rules)
 2002668 - ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal
vulnerability - show_news (web_specific_apps.rules)
 2002673 - ET P2P MS Foldershare Login Detected (p2p.rules)
 2002681 - ET WEB_SPECIFIC_APPS Mambo Exploit (web_specific_apps.rules)
 2002685 - ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Directory
Traversal Attempt (web_server.rules)
 2002702 - ET WEB_SPECIFIC_APPS OSTicket Remote Code Execution Attempt
(web_specific_apps.rules)
 2002708 - ET MALWARE iframebiz - sploit.anr (malware.rules)
 2002709 - ET MALWARE iframebiz - loaderadv***.jar (malware.rules)
 2002721 - ET WEB_SERVER Cisco IOS HTTP set enable password attack
(web_server.rules)
 2002731 - ET WEB_SPECIFIC_APPS Generic phpbb arbitrary command attempt
(web_specific_apps.rules)
 2002736 - ET MALWARE Trafficsector.com Spyware Install (malware.rules)
 2002775 - ET TROJAN Goldun Reporting User Activity (trojan.rules)
 2002781 - ET TROJAN w32agent.dsi Posting Info (trojan.rules)
 2002782 - ET TROJAN w32agent.dsi Domain Update (trojan.rules)
 2002800 - ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt
(web_specific_apps.rules)
 2002804 - ET MALWARE Spyaxe Spyware DB Update (malware.rules)
 2002805 - ET MALWARE Spyaxe Spyware DB Version Check (malware.rules)
 2002806 - ET MALWARE Spyaxe Spyware Checkin (malware.rules)
 2002815 - ET WEB_SPECIFIC_APPS Plume CMS prepend.php Remote File Inclusion
attempt (web_specific_apps.rules)
 2002816 - ET MALWARE DelFin Project Spyware (payload) (malware.rules)
 2002817 - ET MALWARE DelFin Project Spyware (setup) (malware.rules)
 2002820 - ET MALWARE Hotbar Agent Subscription POST (malware.rules)
 2002821 - ET MALWARE SideStep Bar Reporting Data (sbstart) (malware.rules)
 2002836 - ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
(malware.rules)
 2002837 - ET WEB_SPECIFIC_APPS PmWiki Globals Variables Overwrite Attempt
(web_specific_apps.rules)
 2002844 - ET WEB_SERVER WebDAV search overflow (web_server.rules)
 2002848 - ET VOIP SIP UDP Softphone INVITE overflow (voip.rules)
 2002849 - ET WEB_SPECIFIC_APPS Google Appliance External Proxy Stylesheet
(web_specific_apps.rules)
 2002857 - ET TROJAN Win32.VB.aie Reporting User Activity (trojan.rules)
 2002858 - ET MALWARE Fun Web Products StationaryChooser Spyware
(malware.rules)
 2002859 - ET TROJAN PassSickle Reporting User Activity (trojan.rules)
 2002864 - ET WEB_SERVER osCommerce extras/update.php disclosure
(web_server.rules)
 2002867 - ET WEB_SPECIFIC_APPS Horde 3.0.9-3.1.0 Help Viewer Remote PHP
Exploit (web_specific_apps.rules)
 2002868 - ET WEB_SPECIFIC_APPS Horde Web Mail Help Access
(web_specific_apps.rules)
 2002877 - ET TROJAN TROJAN BankSnif/Nethelper User-Agent (nethelper)
(trojan.rules)
 2002880 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port
(snmp.rules)
 2002881 - ET SNMP Cisco Non-Trap PDU request on SNMPv2 trap port
(snmp.rules)
 2002882 - ET SNMP Cisco Non-Trap PDU request on SNMPv3 trap port
(snmp.rules)
 2002897 - ET WEB_SPECIFIC_APPS Horde README access probe
(web_specific_apps.rules)
 2002898 - ET WEB_SPECIFIC_APPS PHP Web Calendar Remote File Inclusion
Attempt (web_specific_apps.rules)
 2002899 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion
get_header.php (web_specific_apps.rules)
 2002900 - ET WEB_SERVER CGI AWstats Migrate Command Attempt
(web_server.rules)
 2002902 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion
functions_install.php (web_specific_apps.rules)
 2002926 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 random port
(snmp.rules)
 2002927 - ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port
(snmp.rules)
 2002928 - ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port
(snmp.rules)
 2002938 - ET TROJAN elitekeylogger v1.0 reporting - Inbound (trojan.rules)
 2002940 - ET TROJAN XP keylogger v2.1 mail report - Inbound (trojan.rules)
 2002941 - ET TROJAN elitekeylogger v1.0 reporting - Outbound (trojan.rules)
 2002942 - ET TROJAN XP keylogger v2.1 mail report - Outbound (trojan.rules)
 2002961 - ET TROJAN Tibs Checkin 2 (trojan.rules)
 2002964 - ET TROJAN Generic Spyware Update Download (trojan.rules)
 2002978 - ET TROJAN Banker.Delf Infection variant 2 - Sending Initial
Email to Owner (trojan.rules)
 2002980 - ET TROJAN Banker.Delf Infection variant 3 - Sending Initial
Email to Owner (trojan.rules)
 2002982 - ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner
- INFECTADO (trojan.rules)
 2002983 - ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner
- SUCCESSO (trojan.rules)
 2002984 - ET MALWARE SpySherriff Spyware Activity (malware.rules)
 2002987 - ET MALWARE Jupitersatellites.biz Spyware Download (malware.rules)
 2002988 - ET MALWARE Possible Spambot Checking in to Spam (malware.rules)
 2002990 - ET MALWARE Possible Spambot Pulling IP List to Spam
(malware.rules)
 2002991 - ET MALWARE Possible Spambot getting new exe (malware.rules)
 2002999 - ET MALWARE /jk/exp.wmf Exploit Code Load Attempt (malware.rules)
 2804730 - ETPRO TROJAN Trojan-Downloader.Win32.Hacyayu.ep Checkin
(trojan.rules)
 2816640 - ETPRO TROJAN Win32/TrojanDownloader.Banload Downloading Module
(trojan.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>