[***] Summary: [***]

15 new Open signatures, 30 new Pro (15+15). ScanBox, iBryte, BIG-IP rsync vuln, Archie EK.

Thanks: @jaimeblascob and @kafeine

[+++] Added rules: [+++]

2019084 - ET TROJAN Syrian Malware Checkin (trojan.rules)
2019085 - ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection (exploit.rules)
2019086 - ET CURRENT_EVENTS Unknown Trojan Dropped by Angler Aug 29 2014 (current_events.rules)
2019087 - ET TROJAN F5 BIG-IP rsync cmi access attempt (trojan.rules)
2019088 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys access attempt (trojan.rules)
2019089 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful exfiltration (trojan.rules)
2019090 - ET TROJAN F5 BIG-IP rsync cmi authorized_keys successful upload (trojan.rules)
2019091 - ET EXPLOIT Metasploit Random Base CharCode JS Encoded String (exploit.rules)
2019093 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (current_events.rules)
2019094 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks Intial (POST) (current_events.rules)
2019095 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks (POST) PluginData (current_events.rules)
2019096 - ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks KeepAlive (current_events.rules)
2019097 - ET CURRENT_EVENTS Archie EK SilverLight URI Struct (current_events.rules)
2019098 - ET CURRENT_EVENTS Archie EK Sending Plugin-Detect Data (current_events.rules)
2019099 - ET CURRENT_EVENTS Possible Archie/Metasploit SilverLight Exploit (current_events.rules)

Pro:

2808696 - ETPRO MALWARE W32/iBryte.Adware Installer Download (malware.rules)
2808697 - ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules)
2808698 - ETPRO TROJAN Win32/Paskod.B Downloading Files (trojan.rules)
2808699 - ETPRO TROJAN Win32/KFTC.Downloader Checkin (trojan.rules)
2808700 - ETPRO TROJAN Win32/KFTC.Downloader Checkin 2 (trojan.rules)
2808701 - ETPRO TROJAN Win32.Farfli.gq Requesting data (trojan.rules)
2808702 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.IW Checkin (mobile_malware.rules)
2808703 - ETPRO MOBILE_MALWARE Android/DDLight.A Checkin (mobile_malware.rules)
2808704 - ETPRO MALWARE PUP Win32/Adware.MediaFinder Checkin 2 (malware.rules)
2808705 - ETPRO MOBILE_MALWARE Android/SmsSpy.AH Checkin (mobile_malware.rules)
2808706 - ETPRO TROJAN Win32/CoinMiner.SO .exe download 2 (trojan.rules)
2808707 - ETPRO TROJAN Trojan.Keylog!1.9946 Checkin (trojan.rules)
2808708 - ETPRO TROJAN Win32.Farfli Requesting data 2 (trojan.rules)
2808709 - ETPRO TROJAN suspicious X-Mailer (Blat v2) (trojan.rules)
2808710 - ETPRO TROJAN Win32/BrowserPassview sending passwords via SMTP (trojan.rules)

[///] Modified active rules: [///]

2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
2018873 - ET TROJAN Tor based locker Ransom Page (trojan.rules)
2019034 - ET CURRENT_EVENTS Possible Upatre SSL Cert dineshuthayakumar.in (current_events.rules)
2801865 - ETPRO TROJAN Backdoor Darkshell Reporting to CnC (trojan.rules)
2805820 - ETPRO MOBILE_MALWARE Android/FkToken.A Checkin (mobile_malware.rules)
2806210 - ETPRO MOBILE_MALWARE AndroidOS/Gappusin.A Checkin (mobile_malware.rules)
2808138 - ETPRO MOBILE_MALWARE Android/Battpatch.A Checkin (mobile_malware.rules)
2808677 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin (mobile_malware.rules)
2808678 - ETPRO MOBILE_MALWARE Android/SMForw.AT Checkin 2 (mobile_malware.rules)

[---] Removed rules: [---]

2014153 - ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA (current_events.rules)
2018976 - ET MALWARE Hoic.zip retrieval (malware.rules)
2018977 - ET MALWARE HOIC with booster outbound (malware.rules)
2018978 - ET WEB_SERVER HOIC with booster inbound (web_server.rules)
