[Emerging-updates] Daily Ruleset Update Summary 6/14/2013

Matt Jonkman jonkman at emergingthreats.net
Fri Jun 14 15:07:54 HADT 2013


3 new Open rules, 5 new pro for 8 total.

Important new exploit kit in there, thanks to the usual suspects!


 [+++]          Added rules:          [+++]

  2017019 - ET CURRENT_EVENTS Dotka Chef EK .cache request (current_events.rules)
  2017020 - ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request (current_events.rules)
  2017021 - ET TROJAN TripleNine RAT Checkin (trojan.rules)

Pro sigs:
  2806512 - ETPRO TROJAN Uptime.RAT Checkin (trojan.rules)
  2806513 - ETPRO TROJAN Win32.Jadtre Checkin/exe Request (trojan.rules)
  2806514 - ETPRO TROJAN Post_show RAT checkin (trojan.rules)
  2806515 - ETPRO TROJAN Win32.Kazy variant Checkin 1 (trojan.rules)
  2806516 - ETPRO TROJAN Win32/Kazy variant Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2002955 - ET MALWARE Win32/Tibs Checkin (malware.rules)
  2017002 - ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign (current_events.rules)

Pro:
  2805906 - ETPRO TROJAN Win32/Tedroo.A/Grum Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2002853 - ET DOS FreeBSD NFS RPC Kernel Panic (dos.rules)
  2103043 - GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
  2800103 - ETPRO EXPLOIT Borland Interbase Database Service Create-Request Buffer Overflow (exploit.rules)
  2800464 - ETPRO EXPLOIT Symantec Alert Management System Intel File Transfer Service Arbitrary Program Execution (exploit.rules)
  2800726 - ETPRO DOS Microsoft Windows MSDTC Denial of Service Vulnerability (dos.rules)
  2800727 - ETPRO DOS Microsoft Windows MSDTC Denial of Service Vulnerability (dos.rules)


 [---]         Removed rules:         [---]

  2003408 - ET TROJAN Zhelatin Variant Checkin (trojan.rules)
  2007842 - ET MALWARE Softspydelete.com Fake Anti-Spyware Checkin (malware.rules)
  2802931 - ETPRO TROJAN Drstwex.A Checkin (trojan.rules)



-- 

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------