[***] Summary: [***]

11 new Open rules. 24 Pro rules (11/13). Turla/SPL2, Lurk, KINS SSL, etc. Tks Jake Warren, @rmkml, @Regiteric, @abuse_ch.

[+++] Added rules: [+++]

Open:

2018917 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018918 - ET POLICY possible Xiaomi phone data leakage DNS (policy.rules)
2018919 - ET POLICY possible Xiaomi phone data leakage HTTP (policy.rules)
2018920 - ET CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct (current_events.rules)
2018921 - ET TROJAN Trojan-Spy.Win32.HavexSysinfo Response (trojan.rules)
2018922 - ET CURRENT_EVENTS Turla/SPL EK Java Applet (current_events.rules)
2018923 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit (current_events.rules)
2018924 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit (current_events.rules)
2018925 - ET CURRENT_EVENTS Turla/SPL EK Java Exploit Requested - /spl/ (current_events.rules)
2018926 - ET TROJAN Lurk Downloader Check-in (trojan.rules)
2018927 - ET TROJAN Lurk Click fraud Template Request (trojan.rules)

Pro:

2808526 - ETPRO TROJAN Win32.Comune.A checkin (trojan.rules)
2808527 - ETPRO USER_AGENTS Suspicious User Agent Get HTML Source Code Program (user_agents.rules)
2808528 - ETPRO MOBILE_MALWARE Android FakeInst-OG Checkin (mobile_malware.rules)
2808529 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Carej.b Checkin (mobile_malware.rules)
2808530 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Univert.a Checkin (mobile_malware.rules)
2808531 - ETPRO TROJAN Trojan-Downloader.Autoit.gen Checkin 2 (trojan.rules)
2808532 - ETPRO TROJAN Win32/Steroope.B checkin (trojan.rules)
2808533 - ETPRO TROJAN TROJAN.WIN32.SYSMAIN.C Checkin (trojan.rules)
2808534 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.Y (mobile_malware.rules)
2808535 - ETPRO TROJAN Win32.Symmi.dagurw Checkin (trojan.rules)
2808536 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Recal.a Checkin (mobile_malware.rules)
2808537 - ETPRO TROJAN Win32/PSW.Papras.CK file upload (trojan.rules)
2808538 - ETPRO MOBILE_MALWARE Android/Koler.C Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

Open:

2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
2018689 - ET SCAN LibSSH2 Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
2018703 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

Pro:

2804487 - ETPRO ACTIVEX IBM Rational Rhapsody Blueberry Flashback SDK FBRecorder ActiveX Control Multiple Remote Code Execution (activex.rules)
2808518 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response (mobile_malware.rules)

[---] Removed rules: [---]

Open:

2017795 - ET CURRENT_EVENTS HiMan EK - Payload Downloaded - EXE in ZIP Downloaded by Java (current_events.rules)

Pro:

2808132 - ETPRO CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct (current_events.rules)

Date: Sunday, August 10, 2014 - 22:00