[Emerging-updates] Daily Ruleset Update Summary 08/06/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Aug 6 17:56:28 EDT 2014


[***]          Summary:          [***]

  9 new Open rules. 12 new Pro (9/3). BITTERBUG, Dyre, BrowseFox, STUN,
etc. Tks Nathan Fowler.

[+++]          Added rules:          [+++]

  Open:
  2018899 - ET MALWARE Win32/BrowseFox.H Checkin 2 (malware.rules)
  2018900 - ET TROJAN BITTERBUG Checkin (trojan.rules)
  2018901 - ET TROJAN BITTERBUG Checkin 2 (trojan.rules)
  2018902 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)
  2018903 - ET TROJAN Dyre SSL Self-Signed Cert Aug 06 2014 (trojan.rules)
  2018904 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false
change port flag false) (info.rules)
  2018905 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false
change port flag true) (info.rules)
  2018906 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true
change port flag false) (info.rules)
  2018907 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true
change port flag true) (info.rules)

  Pro:
  2808516 - ETPRO MOBILE_MALWARE SMSPay.D Checkin (mobile_malware.rules)
  2808517 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response
SET (mobile_malware.rules)
  2808518 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response
(mobile_malware.rules)


[///]     Modified active rules:     [///]

  Open:
  2015556 - ET WEB_CLIENT Potential MSXML2.DOMDocument ActiveXObject
Uninitialized Memory Corruption Attempt (web_client.rules)

  Pro:
  2806155 - ETPRO TROJAN Worm.Win32.Vobfus Checkin 3 (trojan.rules)
  2808012 - ETPRO TROJAN Win32/Tofsee.AX google.com connectivity check
(trojan.rules)
  2808395 - ETPRO TROJAN Win32/Rovnix.H checkin (trojan.rules)


[---]  Disabled and modified rules:  [---]

  Open:
  2001058 - ET EXPLOIT libpng tRNS overflow attempt (exploit.rules)
  2012134 - ET ACTIVEX SigPlus Pro 3.74 ActiveX LCDWriteString Method
Remote Buffer Overflow (activex.rules)
  2017169 - ET CURRENT_EVENTS FlimKit Landing 07/22/13 2
(current_events.rules)
  2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in
charcodes w/o sep Jul 10 2013 (current_events.rules)
  2017463 - ET WEB_CLIENT MS13-055 CAnchorElement Use-After-Free
(web_client.rules)
  2017474 - ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16
2013 (current_events.rules)
  2017487 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
(current_events.rules)

  Pro:
  2806355 - ETPRO WEB_CLIENT Microsoft Internet Explorer cross-domain JSON
file content disclosure (web_client.rules)
  2806356 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806487 - ETPRO WEB_CLIENT Internet Explorer Use-After-Free CVE-2013-3120
(web_client.rules)
  2806491 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2807203 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(CVE-2013-3871) 3 (web_client.rules)
  2807642 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free
(CVE-2014-0271) (web_client.rules)
  2807660 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer Use After
free (CVE-2014-0289) (web_client.rules)
  2807924 - ETPRO CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Apr 02
2014 (current_events.rules)
  2808151 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free
(CVE-2014-1800) (web_client.rules)


[---]         Removed rules:         [---]

  2808461 - ETPRO MALWARE Win32/BrowseFox.H Checkin 2 (malware.rules)
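The four ET INFO rules 2018904-2018907 above split STUN Binding Requests by the two flag bits of the obsolete RFC 3489 CHANGE-REQUEST attribute. The following decoder is an added example for this summary, not Emerging Threats code and not the content matches of the rules themselves: it parses a STUN message the way a detection engineer would verify such a hit, reports the change-IP and change-port flags, and maps the combination to the sid whose name describes it. Protocol constants are taken from RFC 3489 and RFC 5389 (message type, TLV attribute layout, CHANGE-REQUEST type 0x0003, flag bits 0x04 and 0x02, magic cookie); the datagrams in the block are constructed by hand for the demonstration, and the sid mapping is read off the rule names on this page only.

```python
"""Decode a STUN Binding Request and report its RFC 3489 CHANGE-REQUEST flags.

Added example for the 08/06/2014 ET update summary. It is not Emerging
Threats code and does not reproduce the rules' actual byte matching; it
only shows what each of sids 2018904-2018907 is named after. Constants are
from RFC 3489 / RFC 5389; sample datagrams are constructed inline.
"""
import struct

STUN_BINDING_REQUEST = 0x0001
ATTR_CHANGE_REQUEST = 0x0003        # RFC 3489 attribute, dropped by RFC 5389
RFC5389_MAGIC_COOKIE = 0x2112A442   # first 4 bytes of transaction ID in RFC 5389
CHANGE_IP_FLAG = 0x04               # "change IP" bit of CHANGE-REQUEST value
CHANGE_PORT_FLAG = 0x02             # "change port" bit of CHANGE-REQUEST value

# Mapping (change_ip, change_port) -> sid, taken from the rule names above.
SID_BY_FLAGS = {
    (False, False): 2018904,
    (False, True): 2018905,
    (True, False): 2018906,
    (True, True): 2018907,
}


def parse_attributes(body):
    """Yield (type, value) for each TLV attribute in a STUN message body.

    The length field counts only the value; values are padded to a 4-byte
    boundary, so the padding is skipped explicitly. A truncated attribute
    raises rather than silently yielding a short value.
    """
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        off += 4
        if off + alen > len(body):
            raise ValueError("attribute runs past end of message")
        yield atype, body[off:off + alen]
        off += (alen + 3) & ~3


def classify_binding_request(datagram):
    """Return None unless `datagram` is a STUN Binding Request that carries a
    4-byte CHANGE-REQUEST attribute; otherwise return the decoded flags and
    whether the header is RFC 3489 style (no magic cookie)."""
    if len(datagram) < 20:
        return None
    msg_type, msg_len, cookie = struct.unpack_from("!HHI", datagram, 0)
    if msg_type != STUN_BINDING_REQUEST or 20 + msg_len > len(datagram):
        return None
    body = datagram[20:20 + msg_len]
    for atype, value in parse_attributes(body):
        if atype == ATTR_CHANGE_REQUEST and len(value) == 4:
            flags = struct.unpack("!I", value)[0]
            return {
                "rfc3489_header": cookie != RFC5389_MAGIC_COOKIE,
                "change_ip": bool(flags & CHANGE_IP_FLAG),
                "change_port": bool(flags & CHANGE_PORT_FLAG),
            }
    return None


def matching_sid(datagram):
    """Sid (from the rule names on this page) whose flag combination matches,
    or None when the datagram is not a Binding Request with CHANGE-REQUEST."""
    info = classify_binding_request(datagram)
    if info is None:
        return None
    return SID_BY_FLAGS[(info["change_ip"], info["change_port"])]


def build_binding_request(flags, transaction_id=b"\x00" * 16, extra=b""):
    """Constructed sample: Binding Request with optional leading attributes
    followed by a CHANGE-REQUEST attribute carrying `flags`."""
    attrs = extra + struct.pack("!HHI", ATTR_CHANGE_REQUEST, 4, flags)
    return struct.pack("!HH", STUN_BINDING_REQUEST, len(attrs)) + transaction_id + attrs


# Constructed SOFTWARE attribute (type 0x8022) with a 5-byte value and 3 bytes
# of padding, used to check that attribute padding is handled correctly.
SOFTWARE_ATTR = struct.pack("!HH", 0x8022, 5) + b"tests" + b"\x00" * 3

if __name__ == "__main__":
    for flags in (0, CHANGE_PORT_FLAG, CHANGE_IP_FLAG, CHANGE_IP_FLAG | CHANGE_PORT_FLAG):
        pkt = build_binding_request(flags, extra=SOFTWARE_ATTR)
        print(hex(flags), classify_binding_request(pkt), matching_sid(pkt))
```

`rfc3489_header` is reported only for context: it tells you whether the client used the old 16-byte transaction ID or the RFC 5389 magic cookie, which is useful when deciding whether a hit is a legacy NAT-discovery client or something emitting the deprecated attribute under a modern header.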