[Emerging-updates] Daily Ruleset Update Summary 2016/05/06

Francis Trudeau ftrudeau at emergingthreats.net
Sat May 7 15:52:17 EDT 2016


 [***] Summary: [***]

 2 new Open signatures, 16 new Pro (2 + 14).  Sundown/Xer EK, PoisonIvy,
CVE-2014-6332.

 Thanks: @malware_traffic and Jeff H.

 [+++]          Added rules:          [+++]

 Open:

  2022797 - ET EXPLOIT Possible Internet Explorer VBscript failure to
handle error case information disclosure CVE-2014-6332 Common Construct M2
(exploit.rules)
  2022798 - ET TROJAN Unknown Chinese Ransomware Possible Payment Page
(trojan.rules)

 Pro:

  2820081 - ETPRO TROJAN PoisonIvy Keepalive to CnC 330 (trojan.rules)
  2820082 - ETPRO TROJAN PoisonIvy Keepalive to CnC 331 (trojan.rules)
  2820083 - ETPRO CURRENT_EVENTS CVE-2013-2551 M1 (b641) Observed in
Sundown/Xer EK (current_events.rules)
  2820084 - ETPRO CURRENT_EVENTS CVE-2013-2551 M1 (b642) Observed in
Sundown/Xer EK (current_events.rules)
  2820085 - ETPRO CURRENT_EVENTS CVE-2013-2551 M1 (b643) Observed in
Sundown/Xer EK (current_events.rules)
  2820086 - ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b641) Observed in
Sundown/Xer EK (current_events.rules)
  2820087 - ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in
Sundown/Xer EK (current_events.rules)
  2820088 - ETPRO CURRENT_EVENTS CVE-2015-2419 M1 (b643) Observed in
Sundown/Xer EK (current_events.rules)
  2820089 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b641)
(current_events.rules)
  2820090 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b642)
(current_events.rules)
  2820091 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b642)
(current_events.rules)
  2820092 - ETPRO MOBILE_MALWARE Android/Spy.Agent.US Checkin
(mobile_malware.rules)
  2820093 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 M2
(b641) (current_events.rules)
  2820094 - ETPRO CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 M2
(b642) (current_events.rules)


 [///]     Modified active rules:     [///]

  2020422 - ET MALWARE MultiPlug.J Checkin (malware.rules)
  2022789 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (mvg)
(web_server.rules)
  2022790 - ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (svg)
(web_server.rules)
  2022791 - ET WEB_SERVER ImageMagick CVE-2016-3718 SSRF Inbound (mvg +
fill + url) (web_server.rules)
  2022792 - ET WEB_SERVER ImageMagick CVE-2016-3715 File Deletion Inbound
(ephermeral:+ mvg) (web_server.rules)
  2022793 - ET WEB_SERVER ImageMagick CVE-2016-3716 Move File Inbound (msl:
+ mvg) (web_server.rules)
  2022794 - ET WEB_SERVER ImageMagick CVE-2016-3717 Local File Read Inbound
(label: + mvg) (web_server.rules)
  2808577 - ETPRO TROJAN Win32/Tofsee Loader Config Download (trojan.rules)
  2812067 - ETPRO TROJAN SOGU DNS CnC Channel TXT Lookup (trojan.rules)
  2814810 - ETPRO TROJAN TinyDownloader Retrieving PE (trojan.rules)