[Emerging-updates] Daily Ruleset Update Summary 01/16/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jan 16 13:44:57 HAST 2014


 [***] Summary: [***]

 8 new Open rules, 16 new Pro (8/8).  PCRat/Gh0st, AnglerEK, njRAT,
ghstnet/ Updatre SSL certs.

 Thanks to @kafeine, @EKWatcher, and @rmkml for all their help.

 [+++]          Added rules:          [+++]

 Open:

  2017974 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 (trojan.rules)
  2017975 - ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct (current_events.rules)
  2017976 - ET CURRENT_EVENTS Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014 (current_events.rules)
  2017977 - ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower (current_events.rules)
  2017978 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf (current_events.rules)
  2017979 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89 (current_events.rules)
  2017980 - ET INFO InformationCardSigninHelper ClassID (Vulnerable ActiveX Control in CVE-2013-3918) (info.rules)
  2017981 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker (current_events.rules)

 Pro:

  2807478 - ETPRO TROJAN Bladabindi/njRAT CnC Command (ll) (trojan.rules)
  2807479 - ETPRO TROJAN Neglemir.A Checkin (trojan.rules)
  2807480 - ETPRO TROJAN ghstnet Bot User Joining IRC (trojan.rules)
  2807481 - ETPRO TROJAN Win32.Viking.j Checkin (trojan.rules)
  2807482 - ETPRO TROJAN Win32/Startpage.JT Checkin (trojan.rules)
  2807483 - ETPRO TROJAN Win32/Hostil.B Checkin (trojan.rules)
  2807484 - ETPRO TROJAN SHeur4.BHUE Checkin (trojan.rules)
  2807485 - ETPRO TROJAN Win32/Bervod.A 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2017729 - ET CURRENT_EVENTS Angler Landing Nov 18 2013 (current_events.rules)
  2017732 - ET CURRENT_EVENTS Possible Styx/Angler SilverLight Exploit (current_events.rules)
  2017972 - ET TROJAN ICEFOG JAVAFOG JAR checkin (trojan.rules)
  2802828 - ETPRO TROJAN Win32.Fibbit.ax Checkin 1 (trojan.rules)
  2804175 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.me.uk Domain (info.rules)
  2806502 - ETPRO TROJAN Win32.Jorik.Agent.ppv GET (trojan.rules)
  2807472 - ETPRO TROJAN Win32/Bervod.A (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2801190 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3E  (exploit.rules)
  2801195 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x36  (exploit.rules)