[Emerging-updates] Daily Ruleset Update Summary 11/11/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Nov 11 17:21:38 EST 2014


 [***] Summary: [***]

 11 new Open signatures, 35 new Pro (11 + 24).  MS Patch Tuesday,
Dridex, Dyre, BillGates.

 Thanks:  Kevin Ross, Russell Fulton, tdzmont, @malwaresigs,
@EKwatcher, @rmkml, @abuse_ch and @c_APT_ure.

 [+++]          Added rules:          [+++]

  2019691 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
  2019692 - ET TROJAN Possible Emotet DGA NXDOMAIN Responses (trojan.rules)
  2019693 - ET TROJAN Emotet Checkin (trojan.rules)
  2019696 - ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014 (current_events.rules)
  2019697 - ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014 (current_events.rules)
  2019698 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Nov 11 2014 (current_events.rules)
  2019699 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
  2019700 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
  2019701 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
  2019702 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
  2019703 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)

 Pro:

  2809140 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.BZ Checkin (mobile_malware.rules)
  2809142 - ETPRO WEB_SERVER Microsoft Sharepoint XSS attempt (2014-4116) (web_server.rules)
  2809143 - ETPRO WEB_CLIENT Possible Internet Explorer CSecurityContext Use-After-Free CVE-2014-4143 (web_client.rules)
  2809144 - ETPRO WEB_CLIENT Possible Internet Explorer IE_AudioSrv_SandboxEscape (CVE-2014-6322) (web_client.rules)
  2809145 - ETPRO WEB_CLIENT Possible Internet Explorer clipboardData Use-After-Free CVE-2014-6323 (web_client.rules)
  2809147 - ETPRO WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
  2809148 - ETPRO WEB_CLIENT Microsoft Word RCE (CVE-2014-6333) (web_client.rules)
  2809149 - ETPRO WEB_CLIENT Microsoft Word RCE (CVE-2014-6334) (web_client.rules)
  2809152 - ETPRO WEB_CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-6337 (web_client.rules)
  2809153 - ETPRO WEB_CLIENT Microsoft Internet Explorer ASLR Bypass CVE-2014-6339 (web_client.rules)
  2809154 - ETPRO WEB_CLIENT Possible Internet Explorer Cross-domain Information Disclosure CVE-2014-6340 (web_client.rules)
  2809155 - ETPRO WEB_CLIENT Possible Internet Explorer CStyleSheet Use-After-Free CVE-2014-6341 (web_client.rules)
  2809156 - ETPRO WEB_CLIENT Possible Internet Explorer out of bounds write RCE CVE-2014-6342 (web_client.rules)
  2809157 - ETPRO WEB_CLIENT Possible Internet Explorer  JavaScript parsing error Information Disclosure CVE-2014-6345 (web_client.rules)
  2809158 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
  2809159 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
  2809160 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
  2809161 - ETPRO WEB_CLIENT Possible IE Memory Corruption Vulnerability CVE-2014-6351 (web_client.rules)
  2809162 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6353 (web_client.rules)
  2809163 - ETPRO CURRENT_EVENTS Win32 common ROP chain (current_events.rules)
  2809164 - ETPRO MOBILE_MALWARE AndroidOS/Aks.B Checkin (mobile_malware.rules)
  2809165 - ETPRO TROJAN BillGates Variant CnC (trojan.rules)
  2809166 - ETPRO TROJAN W32/Ransom.JD Checkin (trojan.rules)
  2809167 - ETPRO TROJAN Win32/Injector.BOIK Downloader Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2019689 - ET CURRENT_EVENTS Job314 EK Landing Nov 10 2014 (current_events.rules)
  2019690 - ET CURRENT_EVENTS Archie EK Landing Nov 10 2014 (current_events.rules)
  2808199 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DZ Checkin (mobile_malware.rules)
  2809079 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)

