[Emerging-updates] Daily Ruleset Update Summary 09/03/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Sep 3 14:05:43 HADT 2013


[***]         Summary:          [***]

10 new Open rules. 15 new Pro rules (10/5). Various EK's, CVE-2012-0158 in
mhtml and associated Trojan Activity. Tks  @kahusecurity @snowflow @kafeine.

[+++]          Added rules:          [+++]

  Open:
  2017405 - ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013 (current_events.rules)
  2017406 - ET CURRENT_EVENTS Rawin EK Java /victoria.jar (current_events.rules)
  2017407 - ET CURRENT_EVENTS Sakura Landing with Applet Aug 30 2013 (current_events.rules)
  2017408 - ET CURRENT_EVENTS GondadEK Landing Sept 03 2013 (current_events.rules)
  2017409 - ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 1 (current_events.rules)
  2017410 - ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 2 (current_events.rules)
  2017411 - ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 3 (current_events.rules)
  2017412 - ET TROJAN Gh0st_Apple Checkin (trojan.rules)
  2017413 - ET TROJAN NJRat-backdoor Checkin (trojan.rules)
  2017415 - ET TROJAN Taidoor Checkin (trojan.rules)

  Pro:
  2806944 - ETPRO MOBILE_MALWARE Android/CruseWind.B Checkin (mobile_malware.rules)
  2806945 - ETPRO MOBILE_MALWARE Android/YZHCSMS.B Checkin (mobile_malware.rules)
  2806946 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cvia Checkin 1 (trojan.rules)
  2806947 - ETPRO TROJAN Variant.Zusy.24405 Checkin (trojan.rules)
  2806948 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cvia Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2017076 - ET CURRENT_EVENTS BlackHole EK Variant Payload Download (current_events.rules)

 [---]         Removed rules:         [---]

  2003471 - ET MALWARE Winsoftware.com Spyware Activity (malware.rules)
  2805166 - ETPRO TROJAN Dropper.Injector.lvn Checkin (trojan.rules)