[***] Summary: [***]

3 new Open rules and 6 new Pro (3/3). Neutrino, ICEFROG, Nuclear EK, Sefnit.

Thanks to: @kafeine, @malforsec, @EKWatcher

[+++] Added rules: [+++]

Open:

2017971 - ET CURRENT_EVENTS Possible Neutrino IE/Silverlight Payload Download (current_events.rules)
2017972 - ET TROJAN ICEFROG JAR checkin (trojan.rules)
2017973 - ET CURRENT_EVENTS Nuclear EK CVE-2013-3918 (current_events.rules)

Pro:

2807475 - ETPRO TROJAN Win32.Sefnit (trojan.rules)
2807476 - ETPRO TROJAN Win32/TrojanDownloader.Onkods.V Download (trojan.rules)
2807477 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.bofr Checkin (trojan.rules)

[+++] Enabled and modified rules: [+++]

2017962 - ET TROJAN PE EXE or DLL Windows file download disguised as ASCII (trojan.rules)

[///] Modified active rules: [///]

2013795 - ET TROJAN Bifrose/Cycbot Checkin (trojan.rules)
2014163 - ET TROJAN Bifrose/Cycbot Checkin 2 (trojan.rules)
2801190 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3E (exploit.rules)
2801195 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x36 (exploit.rules)
2806112 - ETPRO WEB_CLIENT CVE-2013-0092 GetMarkUpPtr Use After free 1 (web_client.rules)

[---] Disabled and modified rules: [---]

2801183 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x37 (exploit.rules)
2801184 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x38 (exploit.rules)
2801185 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x39 (exploit.rules)
2801186 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3A (exploit.rules)
2801187 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3B (exploit.rules)
2801188 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3C (exploit.rules)
2801189 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3D (exploit.rules)
2801191 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3F (exploit.rules)
2801192 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x40 (exploit.rules)
2801193 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x43 (exploit.rules)
2801194 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x35 (exploit.rules)
2801196 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x41 (exploit.rules)
2801197 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x42 (exploit.rules)
2801198 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x44 (exploit.rules)
2801199 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x45 (exploit.rules)
2801200 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x46 (exploit.rules)
2801201 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x47 (exploit.rules)
2801202 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x48 (exploit.rules)
2801203 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x49 (exploit.rules)

[---] Removed rules: [---]

2017961 - ET TROJAN PE EXE or DLL Windows file download disguised as ASCII - SET (trojan.rules)
2804318 - ETPRO TROJAN Trojan.Win32.Jorik.Gbot.roa Checkin (trojan.rules)

Date: Tuesday, January 14, 2014 - 22:00