[***] Summary: [***]
12 new Open rules. 26 new Pro rules (12/14). GoonEK, HeHe.Spy, Browlock, Upatre, etc. Thanks to @EKwatcher, Kevin Ross, Eoin Miller, all.
There is a new signature set for BOTCC, "rules/emerging-botcc.portgrouped.rules", that includes ports along with IPs. This will reduce FPs at the cost of performance. As a reminder, we will no longer be updating Snort 2.4.x rules as of Feb 10 2014.
[+++] Added rules: [+++]
Open:
2017995 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 1 (current_events.rules)
2017996 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 2 (current_events.rules)
2017997 - ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 3 (current_events.rules)
2017998 - ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download (current_events.rules)
2017999 - ET MOBILE_MALWARE Android/HeHe.Spy getLastVersion CnC Beacon (mobile_malware.rules)
2018000 - ET MOBILE_MALWARE Android/HeHe.Spy RegisterRequest CnC Beacon (mobile_malware.rules)
2018001 - ET MOBILE_MALWARE Android/HeHe.Spy LoginRequest CnC Beacon (mobile_malware.rules)
2018002 - ET MOBILE_MALWARE Android/HeHe.Spy ReportRequest CnC Beacon (mobile_malware.rules)
2018003 - ET MOBILE_MALWARE Android/HeHe.Spy GetTaskRequest CnC Beacon (mobile_malware.rules)
2018004 - ET MOBILE_MALWARE Android/HeHe.Spy ReportMessageRequest CnC Beacon (mobile_malware.rules)
2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org) (trojan.rules)
2018006 - ET CURRENT_EVENTS Possible Browlock Hostname Format US (current_events.rules)
Pro:
2807505 - ETPRO TROJAN Trojan.Win32.Vehidis Checkin (trojan.rules)
2807506 - ETPRO TROJAN Win32.Foreign.jowy 1 (trojan.rules)
2807507 - ETPRO TROJAN Win32.Foreign.jowy 2 (trojan.rules)
2807508 - ETPRO TROJAN Win32/Kryptik.BSYO Checkin 2 (trojan.rules)
2807510 - ETPRO TROJAN MSIL/Injector.BTM Checkin (trojan.rules)
2807511 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 1 (web_client.rules)
2807512 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 2 (web_client.rules)
2807513 - ETPRO TROJAN Chifrax.akz Checkin (trojan.rules)
2807514 - ETPRO TROJAN win32.Kaliox.A (trojan.rules)
2807515 - ETPRO TROJAN Minirem (trojan.rules)
2807516 - ETPRO TROJAN Ponmocup (newinstall.ru) (trojan.rules)
2807517 - ETPRO MALWARE Win.Adware.Agent-1150 (malware.rules)
2807518 - ETPRO MALWARE AdWare/Sushi.aj (malware.rules)
2807519 - ETPRO MALWARE AdWare/Sushi.aj Suspicious User-Agent (ps 114) (malware.rules)
[///] Modified active rules: [///]
2807460 - ETPRO TROJAN DDoS.Win32/Nitol.gen!A Checkin (trojan.rules)
[---] Disabled and modified rules: [---]
2803105 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service UDP 1 (dns.rules)
2803106 - ETPRO DNS ISC BIND RRSIG RRsets Denial of Service TCP 1 (dns.rules)
[---] Disabled rules: [---]
2807193 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.jcov Checkin (trojan.rules)
[---] Removed rules: [---]
2011863 - ET TROJAN Feodo Banking Trojan Receiving Configuration File (trojan.rules)
Date: Tuesday, January 21, 2014 - 22:00