[Emerging-updates] Daily Ruleset Update Summary 2016/02/09

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Feb 9 19:07:07 EST 2016


 [***]          Summary:              [***]

 49 new Rules MS Tuesday, Mizzmo, HydraCrypt, Ironhalo, etc.

 https://www.proofpoint.com/us/patch-tuesday-summary-20160209

 [+++]          Added rules:          [+++]

  2816123 - ETPRO WEB_CLIENT Microsoft Rich Text File download with
malformed drawing objects (CVE-2016-0022) (web_client.rules)
  2816124 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound
(CVE-2016-0033) M1 (web_client.rules)
  2816125 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound
(CVE-2016-0033) M2 (web_client.rules)
  2816126 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M01
(CVE-2016-0041) (exploit.rules)
  2816127 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M02
(CVE-2016-0041) (exploit.rules)
  2816128 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M03
(CVE-2016-0041) (exploit.rules)
  2816129 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M04
(CVE-2016-0041) (exploit.rules)
  2816130 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M05
(CVE-2016-0041) (exploit.rules)
  2816131 - ETPRO EXPLOIT MS41-009 Office DLL Loading RCE M06
(CVE-2016-0041) (exploit.rules)
  2816132 - ETPRO WEB_CLIENT Microsoft Rich Text File download with
vulnerable clsid (CVE-2016-0042) (web_client.rules)
  2816133 - ETPRO NETBIOS Microsoft Office Insecure Library Loading - SMB
ASCII (CVE-2016-0042) (netbios.rules)
  2816134 - ETPRO NETBIOS Microsoft Office Insecure Library Loading - SMB
Unicode (CVE-2016-0042) (netbios.rules)
  2816135 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading
WebDAV GET (CVE-2016-0042) (web_client.rules)
  2816136 - ETPRO NETBIOS Microsoft Office Insecure Library Loading - SMB
ASCII (CVE-2016-0042) 2 (netbios.rules)
  2816137 - ETPRO NETBIOS Microsoft Office Insecure Library Loading - SMB
Unicode (CVE-2016-0042) 2 (netbios.rules)
  2816138 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading
WebDAV GET (CVE-2016-0042) 2 (web_client.rules)
  2816139 - ETPRO EXPLOIT Microsoft Office Memory Corruption Vulnerability
(CVE-2016-0053) (exploit.rules)
  2816140 - ETPRO WEB_CLIENT Internet Explorer Memory Corruption
Vulnerability (CVE-2016-0060) (web_client.rules)
  2816141 - ETPRO WEB_CLIENT Internet Explorer Memory Corruption
Vulnerability (CVE-2016-0063) (web_client.rules)
  2816142 - ETPRO WEB_CLIENT Possible Internet Explorer Memory Corruption
Vulnerability CVE-2016-0067 (web_client.rules)
  2816143 - ETPRO WEB_CLIENT Possible Internet Explorer Memory Corruption
Vulnerability CVE-2016-0072 (web_client.rules)
  2816144 - ETPRO TROJAN Win32/VertexNet CnC Checkin (trojan.rules)
  2816145 - ETPRO MOBILE_MALWARE Android.Riskware.Abloshec.A Checkin
(mobile_malware.rules)
  2816146 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-02-09 1) (trojan.rules)
  2816147 - ETPRO TROJAN Backdoor.Mizzmo Checkin 5 (trojan.rules)
  2816148 - ETPRO TROJAN Malicious SSL certificate detected
(Backdoor.Mizzmo) (trojan.rules)
  2816149 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY Checkin
(mobile_malware.rules)
  2816150 - ETPRO MALWARE MSIL/Adware.PullUpdate Application Activity
(malware.rules)
  2816151 - ETPRO TROJAN Backdoor.Mizzmo Checkin 3 (trojan.rules)
  2816152 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon 2 (trojan.rules)
  2816153 - ETPRO TROJAN Chute CnC Beacon (trojan.rules)
  2816154 - ETPRO TROJAN Backdoor.Mizzmo Checkin 1 (trojan.rules)
  2816155 - ETPRO TROJAN Backdoor.Mizzmo Checkin 2 (trojan.rules)
  2816156 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon (trojan.rules)
  2816157 - ETPRO TROJAN Backdoor.Mizzmo Generic CnC Beacon (trojan.rules)
  2816158 - ETPRO MALWARE W32/Unknown Checkin (Dropped by Neutrino EK)
(malware.rules)
  2816159 - ETPRO MALWARE W32/Unknown Checkin 2 (Dropped by Neutrino EK)
(malware.rules)
  2816160 - ETPRO TROJAN Qadars CnC SSL Cert (trojan.rules)
  2816161 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M1
(trojan.rules)
  2816162 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M2
(trojan.rules)
  2816163 - ETPRO TROJAN Possible Ironhalo Receiving Encoded Payload M3
(trojan.rules)
  2816164 - ETPRO TROJAN Ursnif Variant Retrieving DGA Seed (trojan.rules)
  2816165 - ETPRO TROJAN Win32/HydraCrypt CnC Beacon 2 (trojan.rules)
  2816166 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon Response (trojan.rules)
  2816167 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Kloncer.a
Checkin (mobile_malware.rules)
  2816168 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.XXS Checkin
(mobile_malware.rules)
  2816169 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.cb Checkin
(mobile_malware.rules)
  2816170 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.cb Checkin 2
(mobile_malware.rules)
  2816171 - ETPRO TROJAN Smoke/Sharik HTTP 404 Containing EXE (trojan.rules)


 [///]     Modified active rules:     [///]

  2815720 - ETPRO EXPLOIT MS16-007 Office DLL Loading RCE M11
(CVE-2016-0016) (exploit.rules)
  2816057 - ETPRO TROJAN Win32/iSpySoft PWS Asset Download (trojan.rules)