Emerging Threats

Daily Ruleset Update Summary 09/19/2013

[***] Summary: [***]

16 new Open rules. 19 new Pro rules (16/3). Rawin, Unknown EK, Neutrino, Cool, Possible JavaFX click2play bypass, Suri LuaJIT. Thanks to Chris Wakelin, Eoin Miller, Kevin Ross, @kafeine, @urlquery, all.

[+++] Added rules: [+++]

Open:
2016507 – ET TROJAN W32/Caphaw Requesting Additional Modules From CnC (trojan.rules)
2017483 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017484 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017485 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017486 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017487 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017488 – ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)
2017489 – ET TROJAN W32/Zzinfor.A Retrieving Instructions From CnC Server (trojan.rules)
2017490 – ET TROJAN W32/Downloader.Mevade.FBV CnC Beacon (trojan.rules)
2017491 – ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 19 2013 (current_events.rules)
2017492 – ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 19 2013 (current_events.rules)
2017493 – ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 19 2013 (current_events.rules)
2017494 – ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 1 (current_events.rules)
2017495 – ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 2 (current_events.rules)
2017496 – ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 3 (current_events.rules)
2017497 – ET CURRENT_EVENTS Rawin EK – Java Exploit – bona.jar (current_events.rules)

Pro:
2807048 – ETPRO TROJAN Trojan-GameThief.Win32.WOW Checkin (trojan.rules)
2807049 – ETPRO MALWARE AdWare.Win32.BetterInternet.a Checkin (malware.rules)
2807050 – ETPRO MALWARE Win32/Adware.Lollipop Checkin 2 (malware.rules)

[///] Modified active rules: [///]

2014601 – ET TROJAN Win32/Nitol.B Checkin (trojan.rules)
2016348 – ET CURRENT_EVENTS WhiteHole Exploit Landing Page (current_events.rules)
2016349 – ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request (current_events.rules)
2017140 – ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct (current_events.rules)
2017474 – ET CURRENT_EVENTS CoolEK Variant Landing Page – Applet Sep 16 2013 (current_events.rules)
2017477 – ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass (web_client.rules)

[---] Removed rules: [---]

2017414 – ET TROJAN Unknown Malware CnC response with exe file (trojan.rules)