[***] Summary: [***]
5 new Open rules. 16 new Pro rules. (5/11). Sweet Orange, CVE-2013-3893, Gh0st Rat, etc.
[+++] Added rules: [+++]
Open:
2017476 – ET CURRENT_EVENTS DRIVEBY SweetOrange – Jave Exploit Downloaded (current_events.rules)
2017477 – ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass (web_client.rules)
2017478 – ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability (web_client.rules)
2017479 – ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability (web_client.rules)
2017480 – ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability (web_client.rules)
Pro:
2807030 – ETPRO TROJAN TrojanDropper.Agent.axkq Response 1 (trojan.rules)
2807031 – ETPRO TROJAN TrojanDropper.Agent.axkq Response 2 (trojan.rules)
2807032 – ETPRO TROJAN Win32.Mudrop.rsj (trojan.rules)
2807033 – ETPRO TROJAN Win32.BKDR_DELF.QBZ (trojan.rules)
2807034 – ETPRO TROJAN Begseabug variant Checkin (trojan.rules)
2807035 – ETPRO TROJAN Trojan.Win32.Delf Variant Checkin (trojan.rules)
2807036 – ETPRO TROJAN Win32.Clicker.AFKJ (trojan.rules)
2807037 – ETPRO TROJAN Trojan.Win32.Swisyn.auua Checkin (trojan.rules)
2807038 – ETPRO TROJAN Win32/Genome.I Checkin (trojan.rules)
2807039 – ETPRO TROJAN Win32/Agent.UPL Checkin (trojan.rules)
2807040 – ETPRO MOBILE_MALWARE Andr/DroidRt-A Checkin (mobile_malware.rules)
[///] Modified active rules: [///]
Open:
2016922 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (trojan.rules)
2017469 – ET CURRENT_EVENTS Possible SNET EK VBS Download (current_events.rules)
Pro:
2804577 – ETPRO CURRENT_EVENTS TrojanDownloader.Win32/Waledac.C Checkin (current_events.rules)
2805004 – ETPRO TROJAN Trojan-Ransom.Win32.Rannoh.b Checkin (trojan.rules)
2805304 – ETPRO TROJAN TrojanDropper.Agent.axkq Checkin (trojan.rules)
[---] Removed rules: [---]
2016962 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 2 (trojan.rules)