[Emerging-updates] Daily Ruleset Update Summary 01/17/2014

Francis Trudeau ftrudeau at emergingthreats.net
Fri Jan 17 10:37:57 HAST 2014


 [***] Summary: [***]

 6 new Open rules, 16 new Pro (6/10).  Kraddare, Mamianune, Autoit,
AnglerEK, Java/Jacksbot.

 Thanks to:  @EKwatcher and @c_APT_ure

 [+++]          Added rules:          [+++]

 Open:

  2017982 - ET MALWARE Suspicious User-Agent 100 non-printable char
(malware.rules)
  2017983 - ET TROJAN Java/Jacksbot Check-in (trojan.rules)
  2017984 - ET CURRENT_EVENTS Angler EK encrypted binary (1) Jan 17 2013
(current_events.rules)
  2017985 - ET CURRENT_EVENTS Angler EK encrypted binary (2) Jan 17 2013
(current_events.rules)
  2017986 - ET CURRENT_EVENTS Angler EK encrypted binary (3) Jan 17 2013
(current_events.rules)
  2017987 - ET CURRENT_EVENTS Upatre SSL Compromised site appsredeeem
(current_events.rules)

 Pro:

  2807486 - ETPRO TROJAN Worm.Win32/Mamianune.gen spreading via SMTP
(trojan.rules)
  2807487 - ETPRO MALWARE Win32.Kraddare.FZ Checkin (malware.rules)
  2807488 - ETPRO MALWARE Win32.Kraddare.FZ Update (malware.rules)
  2807489 - ETPRO TROJAN Win32/Layrui.A Checkin (trojan.rules)
  2807490 - ETPRO TROJAN Trojan-Dropper.Win32.Sysn.aajj Checkin
(trojan.rules)
  2807491 - ETPRO SCADA IntegraXor Stack Buffer Overflow (scada.rules)
  2807492 - ETPRO MALWARE Adware.NetBoad User-Agent (Netboan)
(malware.rules)
  2807493 - ETPRO MALWARE Adware.NetBoad Checkin (malware.rules)
  2807494 - ETPRO TROJAN Trojan-Dropper.Win32.Sysn.aajj Checkin 2
(trojan.rules)
  2807495 - ETPRO TROJAN Trojan.Win32.Autoit.zk Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2017191 - ET TROJAN Win32/Kelihos.F Checkin (trojan.rules)
  2017569 - ET CURRENT_EVENTS Angler EK Landing Page (current_events.rules)
  2017729 - ET CURRENT_EVENTS Angler Landing Nov 18 2013
(current_events.rules)
  2017732 - ET CURRENT_EVENTS Possible Styx/Angler SilverLight Exploit
(current_events.rules)
  2017975 - ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140117/f8e1b0ac/attachment.html>


More information about the Emerging-updates mailing list