[Emerging-updates] Daily Ruleset Update Summary 06/13/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Jun 13 17:12:26 EDT 2014


[***]          Summary:          [***]

7 new Open, 10 new Pro (7/3) Ramnit, DTLS Fragmented Client Hello,
BleedingLife EK, Thanks Kevin Ross.

[+++]          Added rules:          [+++]

  Open:
  2018558 - ET TROJAN Win32/Ramnit Checkin (trojan.rules)
  2018559 - ET CURRENT_EVENTS SUSPICIOUS DTLS Pre 1.0 Fragmented Client Hello Possible CVE-2014-0195 (current_events.rules)
  2018560 - ET CURRENT_EVENTS SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195 (current_events.rules)
  2018561 - ET CURRENT_EVENTS SUSPICIOUS DTLS 1.2 Fragmented Client Hello Possible CVE-2014-0195 (current_events.rules)
  2018562 - ET CURRENT_EVENTS BleedingLife Exploit Kit Landing Page Requested (current_events.rules)
  2018563 - ET CURRENT_EVENTS BleedingLife Exploit Kit SWF Exploit Request (current_events.rules)
  2018564 - ET CURRENT_EVENTS BleedingLife Exploit Kit JAR Exploit Request (current_events.rules)

  Pro:
  2808183 - ETPRO TROJAN Backdoor.Win32.Androm.dtrv Ex-filtrating Data (trojan.rules)
  2808184 - ETPRO TROJAN Win32/Agent.QJH Checkin (trojan.rules)
  2808185 - ETPRO MALWARE Win32/BrowseFox.H Checkin (malware.rules)


 [///]     Modified active rules:     [///]

  Open:
  2017398 - ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection (policy.rules)

  Pro:
  2807798 - ETPRO TROJAN Sasfis CnC (trojan.rules)


 [---]         Removed rules:         [---]

  Open:
  2014131 - ET TROJAN W32/Ramnit Initial CnC Connection (trojan.rules)

  Pro:
  2803880 - ETPRO TROJAN Win32/Sality.AT Checkin (trojan.rules)
  2806456 - ETPRO TROJAN Win32/Ramnit Checkin (trojan.rules)