[***] Summary: [***]

54 new Open signatures, 77 new Pro (54+23). Lots of Upatre SSL, NullHole EK, Various Android.

Thanks: Nathan Fowler and @kafeine

[+++] Added rules: [+++]

2019025 - ET CURRENT_EVENTS Possible Upatre SSL Cert freeb4u.com (current_events.rules)
2019026 - ET CURRENT_EVENTS Possible Upatre SSL Cert developmentinn.com (current_events.rules)
2019027 - ET CURRENT_EVENTS Possible Upatre SSL Cert directory92.com (current_events.rules)
2019028 - ET CURRENT_EVENTS Possible Upatre SSL Cert epr-co.ch (current_events.rules)
2019029 - ET CURRENT_EVENTS Possible Upatre SSL Cert pouyasazan.org (current_events.rules)
2019030 - ET CURRENT_EVENTS Possible Upatre SSL Cert ara-photos.net (current_events.rules)
2019031 - ET CURRENT_EVENTS Possible Upatre SSL Cert tecktalk.com (current_events.rules)
2019032 - ET CURRENT_EVENTS Possible Upatre SSL Cert cyclivate.com (current_events.rules)
2019033 - ET CURRENT_EVENTS Possible Upatre SSL Cert mentoringgroup.com (current_events.rules)
2019034 - ET CURRENT_EVENTS Possible Upatre SSL Cert dineshuthayakumar.in (current_events.rules)
2019035 - ET CURRENT_EVENTS Possible Upatre SSL Cert ssshosting.net (current_events.rules)
2019036 - ET CURRENT_EVENTS Possible Upatre SSL Cert erotikturk.com (current_events.rules)
2019037 - ET CURRENT_EVENTS Possible Upatre SSL Cert mtnoutfitters.com (current_events.rules)
2019038 - ET CURRENT_EVENTS Possible Upatre SSL Cert jojik-international.com (current_events.rules)
2019039 - ET CURRENT_EVENTS Possible Upatre SSL Cert abarsolutions.com (current_events.rules)
2019040 - ET CURRENT_EVENTS Possible Upatre SSL Cert eastwoodvalley.com (current_events.rules)
2019041 - ET CURRENT_EVENTS Possible Upatre SSL Cert ara-photos.net (current_events.rules)
2019042 - ET CURRENT_EVENTS Possible Upatre SSL Cert pejlain.se (current_events.rules)
2019043 - ET CURRENT_EVENTS Possible Upatre SSL Cert dominionthe.com (current_events.rules)
2019044 - ET CURRENT_EVENTS Possible Upatre SSL Cert delanecanada.ca (current_events.rules)
2019045 - ET CURRENT_EVENTS Possible Upatre SSL Cert hebergement-solutions.com (current_events.rules)
2019046 - ET CURRENT_EVENTS Possible Upatre SSL Cert sportofteniq.com (current_events.rules)
2019047 - ET CURRENT_EVENTS Possible Upatre SSL Cert adoraacc.com (current_events.rules)
2019048 - ET CURRENT_EVENTS Possible Upatre SSL Cert tristacey.com (current_events.rules)
2019049 - ET CURRENT_EVENTS Possible Upatre SSL Cert nbc-mail.com (current_events.rules)
2019050 - ET CURRENT_EVENTS Possible Upatre SSL Cert tridayacipta.com (current_events.rules)
2019051 - ET CURRENT_EVENTS Possible Upatre SSL Cert trainthetrainerinternational.com (current_events.rules)
2019052 - ET CURRENT_EVENTS Possible Upatre SSL Cert lingayasuniversity.edu.in (current_events.rules)
2019053 - ET CURRENT_EVENTS Possible Upatre SSL Cert uleideargan.com (current_events.rules)
2019054 - ET CURRENT_EVENTS Possible Upatre SSL Cert picklingtank.com (current_events.rules)
2019055 - ET CURRENT_EVENTS Possible Upatre SSL Cert vcomdesign.com (current_events.rules)
2019056 - ET CURRENT_EVENTS Possible Upatre SSL Cert technosysuk.com (current_events.rules)
2019057 - ET CURRENT_EVENTS Possible Upatre SSL Cert slmp-550-105.slc.westdc.net (current_events.rules)
2019058 - ET CURRENT_EVENTS Possible Upatre SSL Cert itiltrainingcertworkshop.com (current_events.rules)
2019059 - ET CURRENT_EVENTS Possible Upatre SSL Cert udderperfection.com (current_events.rules)
2019060 - ET CURRENT_EVENTS Possible Upatre SSL Cert efind.co.il (current_events.rules)
2019061 - ET CURRENT_EVENTS Possible Upatre SSL Cert bloodsoft.com (current_events.rules)
2019062 - ET CURRENT_EVENTS Possible Upatre SSL Cert walletmix.com (current_events.rules)
2019063 - ET CURRENT_EVENTS Possible Upatre SSL Cert turnaliinsaat.com (current_events.rules)
2019064 - ET CURRENT_EVENTS Possible Upatre SSL Cert mdus-pp-wb12.webhostbox.net (current_events.rules)
2019065 - ET CURRENT_EVENTS Possible Upatre SSL Cert plastics-technology.com (current_events.rules)
2019066 - ET CURRENT_EVENTS Possible Upatre SSL Cert slmp-550-105.slc.westdc.net (current_events.rules)
2019067 - ET CURRENT_EVENTS Possible Upatre SSL Cert deserve.org.uk (current_events.rules)
2019068 - ET CURRENT_EVENTS Possible Upatre SSL Cert worldbuy.biz (current_events.rules)
2019069 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019070 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019071 - ET CURRENT_EVENTS NullHole EK Landing Aug 27 2014 (current_events.rules)
2019072 - ET CURRENT_EVENTS RIG EK Landing URI Struct (current_events.rules)
2019073 - ET CURRENT_EVENTS NullHole EK Landing Redirect Aug 27 2014 (current_events.rules)
2019074 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019075 - ET CURRENT_EVENTS Possible Upatre SSL Cert paydaypedro.co.uk (current_events.rules)
2019076 - ET CURRENT_EVENTS Possible Upatre SSL Cert chatso.com (current_events.rules)
2019077 - ET CURRENT_EVENTS Possible Upatre SSL Cert ventureonsite.com (current_events.rules)
2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)

Pro:

2808649 - ETPRO TROJAN Backdoor.Win32.Stantinko.A Checkin 3 (trojan.rules)
2808661 - ETPRO MALWARE Adware.Win32.Midia.A Checkin (malware.rules)
2808662 - ETPRO TROJAN Win32.Boaxxe Variant Callback (trojan.rules)
2808663 - ETPRO MOBILE_MALWARE Android/Adware.MobWin.A Checkin (mobile_malware.rules)
2808664 - ETPRO MALWARE Win32/ExpressDownloader Callback (malware.rules)
2808665 - ETPRO MALWARE KopHack Checkin (malware.rules)
2808666 - ETPRO MALWARE Adware.Winner Uploading Host Info (malware.rules)
2808667 - ETPRO TROJAN Win32/ProxyChanger.RD Checkin (trojan.rules)
2808668 - ETPRO TROJAN TROJAN.WIN32.DIZTAKUN.ATK Checkin FTP (trojan.rules)
2808669 - ETPRO TROJAN TROJANSPY.MSIL/GOLROTED.A Checkin FTP (trojan.rules)
2808670 - ETPRO TROJAN POSCARDSTEALER.Q Checkin (trojan.rules)
2808671 - ETPRO TROJAN MONITOR.MSIL.KEYLOGGER Checkin (trojan.rules)
2808672 - ETPRO TROJAN Win32/Spy.Agent.OKH Checkin (trojan.rules)
2808673 - ETPRO MOBILE_MALWARE Android/Spyoo.I Checkin (mobile_malware.rules)
2808674 - ETPRO MOBILE_MALWARE Android/Spyoo.I Checkin 2 (mobile_malware.rules)
2808675 - ETPRO MOBILE_MALWARE Android/Spyoo.I Checkin 3 (mobile_malware.rules)
2808676 - ETPRO MALWARE Win32/GameHack.CSO Checkin (malware.rules)
2808677 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin (mobile_malware.rules)
2808678 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin 2 (mobile_malware.rules)
2808679 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.BK Checkin (mobile_malware.rules)
2808680 - ETPRO MOBILE_MALWARE Adware.Youmi.A Checkin (mobile_malware.rules)
2808681 - ETPRO MALWARE Win32/InstallRex.Adware Checkin (malware.rules)
2808682 - ETPRO MOBILE_MALWARE AndroidOS/UUPay.B Checkin 2 (mobile_malware.rules)

[+++] Enabled and modified rules: [+++]

2010463 - ET WEB_SERVER RFI Scanner Success (Fx29ID) (web_server.rules)

[///] Modified active rules: [///]

2001616 - ET ATTACK_RESPONSE Zone-H.org defacement notification (attack_response.rules)
2009029 - ET WEB_SERVER SQL Injection Attempt (Agent NV32ts) (web_server.rules)
2009038 - ET SCAN SQLNinja MSSQL Version Scan (scan.rules)
2009039 - ET SCAN SQLNinja MSSQL XPCmdShell Scan (scan.rules)
2009158 - ET SCAN WebShag Web Application Scan Detected (scan.rules)
2009359 - ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap NSE) (scan.rules)
2009480 - ET SCAN Grendel Web Scan - Default User Agent Detected (scan.rules)
2009799 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M (web_server.rules)
2009827 - ET SCAN Pavuk User Agent Detected - Website Mirroring Tool for Off-line Analysis (scan.rules)
2009833 - ET SCAN WITOOL SQL Injection Scan (scan.rules)
2009882 - ET SCAN Default Mysqloit User Agent Detected - Mysql Injection Takover Tool (scan.rules)
2009883 - ET SCAN Possible Mysqloit Operating System Fingerprint/SQL Injection Test Scan Detected (scan.rules)
2010004 - ET WEB_SERVER SQL sp_start_job attempt (web_server.rules)
2010037 - ET WEB_SERVER Possible SQL Injection INTO OUTFILE Arbitrary File Write Attempt (web_server.rules)
2010215 - ET SCAN SQL Injection Attempt (Agent uil2pn) (scan.rules)
2010267 - ET TROJAN Sinowal/Torpig Checkin (trojan.rules)
2010268 - ET TROJAN W32.SillyFDC Checkin (trojan.rules)
2806067 - ETPRO MALWARE Casino.E Install (malware.rules)

[///] Modified inactive rules: [///]

2010231 - ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 1 (current_events.rules)
2010281 - ET WEB_SERVER Apache mod_perl Apache Status and Apache2 Status Cross Site Scripting Attempt (web_server.rules)
2010343 - ET SCAN pangolin SQL injection tool (scan.rules)

[---] Removed rules: [---]

2009036 - ET TROJAN Armitage Loader Check-in (trojan.rules)
2009797 - ET TROJAN Bifrose Response from victim (trojan.rules)
2010289 - ET TROJAN Clod/Sereki Communication with C&C (trojan.rules)
2010290 - ET TROJAN Clod/Sereki Checkin with C&C (noalert) (trojan.rules)
2010291 - ET TROJAN Clod/Sereki Checkin Response (trojan.rules)
2101377 - GPL FTP wu-ftp bad file completion attempt (ftp.rules)
2101378 - GPL FTP wu-ftp bad file completion attempt with brace (ftp.rules)
