[***] Summary: [***]

13 new Open signatures, 22 new Pro (13+9). Antifulai.APT, PCRat/Gh0st, CosmicDuke/MiniDuke.

Thanks: Kevin Ross, Jaime Blasco, pckthck.

[+++] Added rules: [+++]

Open:

2018630 - ET MOBILE_MALWARE Android/Comll.Banker RAT CnC Beacon (mobile_malware.rules)
2018631 - ET TROJAN W32/Antifulai.APT CnC Beacon 1 (trojan.rules)
2018632 - ET TROJAN W32/Antifulai.APT CnC Beacon 2 (trojan.rules)
2018633 - ET TROJAN W32/Antifulai.APT CnC Beacon 3 (trojan.rules)
2018634 - ET TROJAN W32/Antifulai.APT CnC Beacon 4 (trojan.rules)
2018635 - ET TROJAN Common Upatre Header Structure 2 (trojan.rules)
2018636 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 36 (trojan.rules)
2018637 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 37 (trojan.rules)
2018638 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 38 (trojan.rules)
2018639 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 39 (trojan.rules)
2018640 - ET TROJAN Unknown Trojan with Fake Java User-Agent (trojan.rules)
2018641 - ET TROJAN BANKER.WIN32.BANBRA.BEEC Checkin (trojan.rules)
2018642 - ET TROJAN DNS Reply Sinkhole Microsoft NO-IP Domain (trojan.rules)

Pro:

2808271 - ETPRO TROJAN Trojan.Win32.Sharik.syz Checkin (trojan.rules)
2808272 - ETPRO TROJAN MiniDuke variant FTP upload (trojan.rules)
2808273 - ETPRO TROJAN MiniDuke variant C&C activity (trojan.rules)
2808274 - ETPRO TROJAN Win32/Delf.W Checkin (trojan.rules)
2808275 - ETPRO MALWARE Win32/BundleInstaller.D Checkin (malware.rules)
2808276 - ETPRO MALWARE Win32/DownWare.G Checkin (malware.rules)
2808277 - ETPRO TROJAN Possible Win32/Wkysol.B SSL certificate (trojan.rules)
2808278 - ETPRO EXPLOIT HP autopass license traversal (exploit.rules)
2808279 - ETPRO EXPLOIT Cogent DataHub Command Injection (exploit.rules)

[///] Modified active rules: [///]

2018505 - ET CURRENT_EVENTS food.com compromise hostile JavaScript gate (current_events.rules)
2806956 - ETPRO TROJAN Generic.Mitglied.E3CF7B34 Checkin (trojan.rules)
2808208 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 18, 2014 2 (current_events.rules)

[---] Removed rules: [---]

2808062 - ETPRO TROJAN Win32/Cueisfry.A Checkin (trojan.rules)
Date: 
Wednesday, July 2, 2014 - 22:00