[***] Summary: [***]

29 new Open signatures, 42 new Pro (29+13). Archie EK, NTP DDoS, FlashPack EK, Abuse.ch SSL Blacklist.

Thanks: Jake Warren, ABUSE.CH and @kafeine

[+++] Added rules: [+++]

Open:

2018994 - ET TROJAN Win32/Xema dropping file (trojan.rules)
2018995 - ET CURRENT_EVENTS Archie EK CVE-2014-0515 Aug 24 2014 (current_events.rules)
2018996 - ET CURRENT_EVENTS Archie EK CVE-2014-0497 Aug 24 2014 (current_events.rules)
2018997 - ET CURRENT_EVENTS Archie EK Secondary Landing Aug 24 2014 (current_events.rules)
2018998 - ET CURRENT_EVENTS Archie EK Landing Aug 24 2014 (current_events.rules)
2018999 - ET TROJAN Win32/Spy.Tuscas (trojan.rules)
2019000 - ET TROJAN Windows ipconfig Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
2019001 - ET TROJAN Windows net start Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
2019002 - ET TROJAN Windows systeminfo Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
2019003 - ET TROJAN Windows netstat Microsoft Windows DOS prompt command exit OUTBOUND (trojan.rules)
2019004 - ET CURRENT_EVENTS FlashPack EK Exploit Flash Post Aug 25 2014 (current_events.rules)
2019005 - ET CURRENT_EVENTS FlashPack EK Redirect Aug 25 2014 (current_events.rules)
2019006 - ET CURRENT_EVENTS FlashPack EK Exploit Landing Aug 25 2014 (current_events.rules)
2019007 - ET CURRENT_EVENTS FlashPack EK JS Include Aug 25 2014 (current_events.rules)
2019008 - ET CURRENT_EVENTS Safe/CritX/FlashPack Java Payload (current_events.rules)
2019009 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019010 - ET DOS Likely NTP DDoS In Progress PEER_LIST Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
2019011 - ET DOS Likely NTP DDoS In Progress PEER_LIST Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
2019012 - ET DOS Likely NTP DDoS In Progress PEER_LIST_SUM Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
2019013 - ET DOS Likely NTP DDoS In Progress PEER_LIST_SUM Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
2019014 - ET DOS Likely NTP DDoS In Progress GET_RESTRICT Response to Non-Ephemeral Port IMPL 0x03 (dos.rules)
2019015 - ET DOS Likely NTP DDoS In Progress GET_RESTRICT Response to Non-Ephemeral Port IMPL 0x02 (dos.rules)
2019016 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x03 (dos.rules)
2019017 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST Requests IMPL 0x02 (dos.rules)
2019018 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x03 (dos.rules)
2019019 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x02 (dos.rules)
2019020 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x03 (dos.rules)
2019021 - ET DOS Possible NTP DDoS Inbound Frequent Un-Authed GET_RESTRICT Requests IMPL 0x02 (dos.rules)
2019022 - ET DOS Likely NTP DDoS In Progress Multiple UNSETTRAP Mode 6 Responses (dos.rules)

Pro:

2808626 - ETPRO TROJAN Win32.Dapato.Ang Checkin (trojan.rules)
2808627 - ETPRO MALWARE PUP/MultiToolbar.A Checkin (malware.rules)
2808628 - ETPRO TROJAN Win32/Asper.O Checkin (trojan.rules)
2808629 - ETPRO MALWARE PUP Win32/bmMedia.D Checkin (malware.rules)
2808630 - ETPRO MALWARE Adware Win32/IEMao.A Checkin (malware.rules)
2808631 - ETPRO TROJAN Variant.Kazy.365193(B) Checkin (trojan.rules)
2808632 - ETPRO TROJAN Win32.Sinresby C2 (trojan.rules)
2808633 - ETPRO MALWARE Win32.Conducent Checkin (malware.rules)
2808634 - ETPRO TROJAN MSIL/Injector.P Checkin (trojan.rules)
2808635 - ETPRO MALWARE Riskware.Chindo Checkin (malware.rules)
2808636 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.DO Checkin (mobile_malware.rules)
2808637 - ETPRO MOBILE_MALWARE Adware.Android.AppLovin.A Checkin (mobile_malware.rules)
2808638 - ETPRO MALWARE Win32/InstallBrain.BH Retrieving info (malware.rules)

[///] Modified active rules: [///]

2017813 - ET CURRENT_EVENTS Safe/CritX/FlashPack Payload (current_events.rules)
2018983 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
2807086 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Obad.a Checkin 2 (mobile_malware.rules)

[---] Removed rules: [---]

2807750 - ETPRO TROJAN Trojan-Dropper.Win32.Dinwod.rbd Checkin (trojan.rules)
