[Emerging-updates] Daily Ruleset Update Summary 09/19/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Sep 19 16:38:03 HADT 2013


[***]          Summary:          [***]

16 new Open rules. 19 new Pro rules (16/3). Rawin, Unknown EK, Neutrino,
Cool, Possible JavaFX click2play bypass, Suri LuaJIT. Thanks to Chris
Wakelin, Eoin Miller, Kevin Ross, @kafeine, @urlquery, all.

[+++]          Added rules:          [+++]

  Open:
  2016507 - ET TROJAN W32/Caphaw Requesting Additional Modules From CnC (trojan.rules)
  2017483 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017484 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017485 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017486 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017487 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017488 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
  2017489 - ET TROJAN W32/Zzinfor.A Retrieving Instructions From CnC Server (trojan.rules)
  2017490 - ET TROJAN W32/Downloader.Mevade.FBV CnC Beacon (trojan.rules)
  2017491 - ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 19 2013 (current_events.rules)
  2017492 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 19 2013 (current_events.rules)
  2017493 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 19 2013 (current_events.rules)
  2017494 - ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 1 (current_events.rules)
  2017495 - ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 2 (current_events.rules)
  2017496 - ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 3 (current_events.rules)
  2017497 - ET CURRENT_EVENTS Rawin EK - Java Exploit - bona.jar (current_events.rules)

  Pro:
  2807048 - ETPRO TROJAN Trojan-GameThief.Win32.WOW Checkin (trojan.rules)
  2807049 - ETPRO MALWARE AdWare.Win32.BetterInternet.a Checkin (malware.rules)
  2807050 - ETPRO MALWARE Win32/Adware.Lollipop Checkin 2 (malware.rules)


 [///]     Modified active rules:     [///]

  2014601 - ET TROJAN Win32/Nitol.B Checkin (trojan.rules)
  2016348 - ET CURRENT_EVENTS WhiteHole Exploit Landing Page (current_events.rules)
  2016349 - ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request (current_events.rules)
  2017140 - ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct (current_events.rules)
  2017474 - ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16 2013 (current_events.rules)
  2017477 - ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass (web_client.rules)

 [---]         Removed rules:         [---]

  2017414 - ET TROJAN Unknown Malware CnC response with exe file (trojan.rules)