[***] Summary: [***]

8 new Open rules, 16 new Pro (8/8). PCRat/Gh0st, AnglerEK, njRAT, ghstnet, Updatre SSL certs.

Thanks to @kafeine, @EKWatcher, and @rmkml for all their help.

[+++] Added rules: [+++]

Open:

2017974 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 (trojan.rules)
2017975 - ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct (current_events.rules)
2017976 - ET CURRENT_EVENTS Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014 (current_events.rules)
2017977 - ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower (current_events.rules)
2017978 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf (current_events.rules)
2017979 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89 (current_events.rules)
2017980 - ET INFO InformationCardSigninHelper ClassID (Vulnerable ActiveX Control in CVE-2013-3918) (info.rules)
2017981 - ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker (current_events.rules)

Pro:

2807478 - ETPRO TROJAN Bladabindi/njRAT CnC Command (ll) (trojan.rules)
2807479 - ETPRO TROJAN Neglemir.A Checkin (trojan.rules)
2807480 - ETPRO TROJAN ghstnet Bot User Joining IRC (trojan.rules)
2807481 - ETPRO TROJAN Win32.Viking.j Checkin (trojan.rules)
2807482 - ETPRO TROJAN Win32/Startpage.JT Checkin (trojan.rules)
2807483 - ETPRO TROJAN Win32/Hostil.B Checkin (trojan.rules)
2807484 - ETPRO TROJAN SHeur4.BHUE Checkin (trojan.rules)
2807485 - ETPRO TROJAN Win32/Bervod.A 2 (trojan.rules)

[///] Modified active rules: [///]

2017729 - ET CURRENT_EVENTS Angler Landing Nov 18 2013 (current_events.rules)
2017732 - ET CURRENT_EVENTS Possible Styx/Angler SilverLight Exploit (current_events.rules)
2017972 - ET TROJAN ICEFOG JAVAFOG JAR checkin (trojan.rules)
2802828 - ETPRO TROJAN Win32.Fibbit.ax Checkin 1 (trojan.rules)
2804175 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns.me.uk Domain (info.rules)
2806502 - ETPRO TROJAN Win32.Jorik.Agent.ppv GET (trojan.rules)
2807472 - ETPRO TROJAN Win32/Bervod.A (trojan.rules)

[---] Disabled and modified rules: [---]

2801190 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3E (exploit.rules)
2801195 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x36 (exploit.rules)

Date: Wednesday, January 15, 2014 - 22:00