[***] Summary: [***]

15 new Open rules, 28 new Pro rules (15/13). KAPTOXA, PCRat, Morix, D-Link DIR-100 exploit.

Thanks to: rmkml, @EKWatcher and mex for their contributions.

[+++] Added rules: [+++]

Open:

2018054 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 20 (trojan.rules)
2018055 - ET TROJAN Uprate Binary Download Jan 02 2014 (trojan.rules)
2018056 - ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. (web_server.rules)
2018057 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 21 (trojan.rules)
2018058 - ET TROJAN Possible KAPTOXA SMB Naming Format (trojan.rules)
2018059 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 1 (trojan.rules)
2018060 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 2 (trojan.rules)
2018061 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 3 (trojan.rules)
2018062 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 4 (trojan.rules)
2018063 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 5 (trojan.rules)
2018064 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 6 (trojan.rules)
2018065 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 7 (trojan.rules)
2018066 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 8 (trojan.rules)
2018067 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 9 (trojan.rules)
2018068 - ET TROJAN Possible KAPTOXA Encoded Data Transfered Over SMB 10 (trojan.rules)

Pro:

2807587 - ETPRO TROJAN Win32/Redosdru.C CnC (OUTBOUND) (trojan.rules)
2807588 - ETPRO TROJAN Trojan.Win32.Staser.unn CnC (OUTBOUND) (trojan.rules)
2807589 - ETPRO TROJAN Win32/ServStart.gen!A Checkin (trojan.rules)
2807590 - ETPRO TROJAN Backdoor.Win32/Morix.B CnC traffic (trojan.rules)
2807591 - ETPRO TROJAN Win32/Beaugrit.gen!AAA Checkin (trojan.rules)
2807592 - ETPRO MALWARE Trojan.Script.BAT.Agent.db!159552 (malware.rules)
2807593 - ETPRO MALWARE Adware.Downware.918 Checkin (malware.rules)
2807594 - ETPRO EXPLOIT D-Link DIR-100 admin password disclosure attempt (exploit.rules)
2807595 - ETPRO EXPLOIT D-Link DIR-100 admin password disclosure success (exploit.rules)
2807596 - ETPRO EXPLOIT D-Link DIR-100 information disclosure attempt (exploit.rules)
2807597 - ETPRO TROJAN Win32/ServStart.gen!A Checkin 2 (trojan.rules)
2807598 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.ijtz Checkin (trojan.rules)
2807599 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)

[///] Modified active rules: [///]

2002677 - ET SCAN Nikto Web App Scan in Progress (scan.rules)
2016688 - ET FTP Outbound Java Downloading jar over FTP (ftp.rules)
2017548 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 3 (trojan.rules)
2017974 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 (trojan.rules)

[---] Removed rules: [---]

2804966 - ETPRO TROJAN Backdoor Win32/Morix.B CnC Traffic (trojan.rules)
2807454 - ETPRO TROJAN Rincux Checkin (trojan.rules)

Date: Sunday, February 2, 2014 - 22:00