[Emerging-updates] Daily Ruleset Update Summary 06/12/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Jun 12 18:26:44 HADT 2013


 [***]          Summary:          [***]

10 new Open. 18 new Pro (10/8). KimJongRAT, SQLi, Unknown EK, altjvm 2012-1533, Glazunov, FlimKit, Unknown EK, Dropbox SSL download.
CVE-2013-1331 moved from Pro to Open.


 [+++]          Added rules:          [+++]

  Open:
  2017009 - ET TROJAN KimJongRAT cnc exe pull (trojan.rules)
  2017010 - ET WEB_SERVER Possible SQLi xp_cmdshell POST body (web_server.rules)
  2017011 - ET CURRENT_EVENTS Glazunov EK Downloading Jar (current_events.rules)
  2017012 - ET CURRENT_EVENTS Possible 2012-1533 altjvm (jvm.dll) Requested Over WeBDAV (current_events.rules)
  2017013 - ET CURRENT_EVENTS Possible 2012-1533 altjvm RCE via JNLP command injection (current_events.rules)
  2017014 - ET CURRENT_EVENTS Unknown EK Landing (Payload Downloaded Via Dropbox) (current_events.rules)
  2017015 - ET POLICY DropBox User Content Access over SSL (policy.rules)
  2017016 - ET CURRENT_EVENTS Unknown EK Jar 1 June 12 2013 (current_events.rules)
  2017017 - ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013 (current_events.rules)
  2017018 - ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013 (current_events.rules)

  Pro:
  2806499 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
  2806500 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
  2806501 - ETPRO TROJAN Win32.Jorik.Agent.ppv POST (trojan.rules)
  2806502 - ETPRO TROJAN Win32.Jorik.Agent.ppv GET (trojan.rules)
  2806503 - ETPRO TROJAN Win32/Injector.Autoit.P Checkin (trojan.rules)
  2806504 - ETPRO TROJAN Trojan-Dropper.Win32.FriJoiner.awr Checkin (trojan.rules)
  2806505 - ETPRO MALWARE AdWare.Win32.Barogo.br Checkin (malware.rules)
  2806506 - ETPRO TROJAN Trojan.Win32.Autoit variant download request (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016368 - ET TROJAN Win32/Toby.N Multilocker Checkin (trojan.rules)
  2016840 - ET CURRENT_EVENTS FlimKit Landing (current_events.rules)

  Pro:
  2804607 - ETPRO TROJAN Net-Worm.Win32.Kolab.gen Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  Open:
  2006425 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Install Checkin (malware.rules)
  2006426 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (malware.rules)

  Pro:
  2804050 - ETPRO TROJAN Win32/Malushka.A Checkin (trojan.rules)

 [-+-]         Moved rules:         [-+-]

  New:
  2017005 - ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length (current_events.rules)
  2017006 - ET EXPLOIT CVE-2013-1331 Microft Office PNG Exploit plugin-detect script access (exploit.rules)
  2017007 - ET EXPLOIT CVE-2013-1331 Microft Office PNG Exploit plugin-detect script access (exploit.rules)
  2017008 - ET EXPLOIT CVE-2013-1331 Microft Office PNG Exploit Specific (exploit.rules)

  Old:
  2806477 - ETPRO CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length (current_events.rules)
  2806478 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit plugin-detect script access (exploit.rules)
  2806479 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit plugin-detect script access (exploit.rules)
  2806480 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit Specific (exploit.rules)