[Emerging-updates] Daily Ruleset Update Summary 01/15/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 15 10:35:30 HAST 2014


 [***] Summary: [***]

 3 new Open rules and 6 new Pro (3/3).  Neutrino, ICEFROG, Nuclear EK,
Sefnit.

 Thanks to:  @kafeine, @malforsec, @EKWatcher

 [+++]          Added rules:          [+++]

 Open:

  2017971 - ET CURRENT_EVENTS Possible Neutrino IE/Silverlight Payload
Download (current_events.rules)
  2017972 - ET TROJAN ICEFROG JAR checkin (trojan.rules)
  2017973 - ET CURRENT_EVENTS Nuclear EK CVE-2013-3918
(current_events.rules)

 Pro:

  2807475 - ETPRO TROJAN Win32.Sefnit (trojan.rules)
  2807476 - ETPRO TROJAN Win32/TrojanDownloader.Onkods.V Download
(trojan.rules)
  2807477 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.bofr Checkin
(trojan.rules)


 [+++]  Enabled and modified rules:   [+++]

  2017962 - ET TROJAN PE EXE or DLL Windows file download disguised as
ASCII (trojan.rules)


 [///]     Modified active rules:     [///]

  2013795 - ET TROJAN Bifrose/Cycbot Checkin (trojan.rules)
  2014163 - ET TROJAN Bifrose/Cycbot Checkin 2 (trojan.rules)
  2801190 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3E  (exploit.rules)
  2801195 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x36  (exploit.rules)
  2806112 - ETPRO WEB_CLIENT CVE-2013-0092 GetMarkUpPtr Use After free 1
(web_client.rules)


 [---]  Disabled and modified rules:  [---]

  2801183 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x37  (exploit.rules)
  2801184 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x38  (exploit.rules)
  2801185 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x39  (exploit.rules)
  2801186 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3A  (exploit.rules)
  2801187 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3B  (exploit.rules)
  2801188 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3C  (exploit.rules)
  2801189 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3D  (exploit.rules)
  2801191 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x3F  (exploit.rules)
  2801192 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x40  (exploit.rules)
  2801193 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x43  (exploit.rules)
  2801194 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x35  (exploit.rules)
  2801196 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x41  (exploit.rules)
  2801197 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x42  (exploit.rules)
  2801198 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x44  (exploit.rules)
  2801199 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x45  (exploit.rules)
  2801200 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x46  (exploit.rules)
  2801201 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x47  (exploit.rules)
  2801202 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x48  (exploit.rules)
  2801203 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption
byte 0x49  (exploit.rules)


 [---]         Removed rules:         [---]

  2017961 - ET TROJAN PE EXE or DLL Windows file download disguised as
ASCII - SET (trojan.rules)
  2804318 - ETPRO TROJAN Trojan.Win32.Jorik.Gbot.roa Checkin (trojan.rules)