[***] Summary: [***]

52 New Open signatures, 59 new Pro (52+7). OLDBAIT, Sofacy, SweetOrange EK. Thanks: @rmkml, @jaimeblascob, @PwC_LLC and @kafeine.

[+++] Added rules: [+++]

Open:

2019524 - ET WEB_SPECIFIC_APPS BASE base_stat_common.php remote file include (web_specific_apps.rules)
2019526 - ET WEB_SERVER WEB-PHP phpinfo access (web_server.rules)
2019534 - ET TROJAN OLDBAIT Checkin (trojan.rules)
2019535 - ET TROJAN OLDBAIT Checkin sptr (trojan.rules)
2019536 - ET TROJAN OLDBAIT Checkin 2 brvc (trojan.rules)
2019537 - ET TROJAN Win32/Chopstick Checkin (APT28 Related) (trojan.rules)
2019538 - ET TROJAN Ransom.Win32.Blocker.fwlm Checkin (trojan.rules)
2019539 - ET TROJAN Win32/Coreshell Checkin (APT28 Related) (trojan.rules)
2019540 - ET CURRENT_EVENTS Potential Sofacy Phishing Redirect (current_events.rules)
2019541 - ET CURRENT_EVENTS Potential Sofacy Phishing Redirect (current_events.rules)
2019542 - ET CURRENT_EVENTS Likely SweetOrange EK Java Exploit Struct (JAR) (current_events.rules)
2019543 - ET CURRENT_EVENTS Likely SweetOrange EK Flash Exploit URI Struct (current_events.rules)
2019544 - ET CURRENT_EVENTS Possible Sweet Orange Flash/IE Payload Request (current_events.rules)
2019545 - ET TROJAN Sofacy Request Outbound (trojan.rules)
2019546 - ET TROJAN Sofacy HTTP Request adawareblock .com (trojan.rules)
2019547 - ET TROJAN Sofacy HTTP Request adobeincorp .com (trojan.rules)
2019548 - ET TROJAN Sofacy HTTP Request azureon-line .com (trojan.rules)
2019549 - ET TROJAN Sofacy HTTP Request checkmalware .info (trojan.rules)
2019550 - ET TROJAN Sofacy HTTP Request checkwinframe .com (trojan.rules)
2019551 - ET TROJAN Sofacy HTTP Request check-fix .com (trojan.rules)
2019552 - ET TROJAN Sofacy HTTP Request hotfix-update .com (trojan.rules)
2019553 - ET TROJAN Sofacy HTTP Request microsofi .org (trojan.rules)
2019554 - ET TROJAN Sofacy HTTP Request microsof-update .com (trojan.rules)
2019555 - ET TROJAN Sofacy HTTP Request scanmalware .info (trojan.rules)
2019556 - ET TROJAN Sofacy HTTP Request secnetcontrol .com (trojan.rules)
2019557 - ET TROJAN Sofacy HTTP Request securitypractic .com (trojan.rules)
2019558 - ET TROJAN Sofacy HTTP Request testservice24 .net (trojan.rules)
2019559 - ET TROJAN Sofacy HTTP Request testsnetcontrol .com (trojan.rules)
2019560 - ET TROJAN Sofacy HTTP Request updatepc .org (trojan.rules)
2019561 - ET TROJAN Sofacy HTTP Request updatesoftware24 .com (trojan.rules)
2019562 - ET TROJAN Sofacy HTTP Request windows-updater .com (trojan.rules)
2019563 - ET TROJAN Sofacy HTTP Request checkmalware .org (trojan.rules)
2019564 - ET TROJAN Sofacy DNS Lookup adawareblock .com (trojan.rules)
2019565 - ET TROJAN Sofacy DNS Lookup adobeincorp .com (trojan.rules)
2019566 - ET TROJAN Sofacy DNS Lookup azureon-line .com (trojan.rules)
2019567 - ET TROJAN Sofacy DNS Lookup checkmalware .info (trojan.rules)
2019568 - ET TROJAN Sofacy DNS Lookup checkwinframe .com (trojan.rules)
2019569 - ET TROJAN Sofacy DNS Lookup check-fix .com (trojan.rules)
2019570 - ET TROJAN Sofacy DNS Lookup hotfix-update .com (trojan.rules)
2019571 - ET TROJAN Sofacy DNS Lookup microsofi .org (trojan.rules)
2019572 - ET TROJAN Sofacy DNS Lookup microsof-update .com (trojan.rules)
2019573 - ET TROJAN Sofacy DNS Lookup scanmalware .info (trojan.rules)
2019574 - ET TROJAN Sofacy DNS Lookup secnetcontrol .com (trojan.rules)
2019575 - ET TROJAN Sofacy DNS Lookup securitypractic .com (trojan.rules)
2019576 - ET TROJAN Sofacy DNS Lookup symanttec .org (trojan.rules)
2019577 - ET TROJAN Sofacy DNS Lookup testservice24 .net (trojan.rules)
2019578 - ET TROJAN Sofacy DNS Lookup testsnetcontrol .com (trojan.rules)
2019579 - ET TROJAN Sofacy DNS Lookup updatepc .org (trojan.rules)
2019580 - ET TROJAN Sofacy DNS Lookup updatesoftware24 .com (trojan.rules)
2019581 - ET TROJAN Sofacy DNS Lookup windows-updater .com (trojan.rules)
2019582 - ET TROJAN Sofacy DNS Lookup checkmalware .org (trojan.rules)
2019583 - ET TROJAN Sofacy HTTP Request symanttec .org (trojan.rules)

Pro:

2809080 - ETPRO EXPLOIT DotNetNuke DNNspot Store 3.0.0 File Upload (exploit.rules)
2809081 - ETPRO MOBILE_MALWARE Android/Lxsj.A Checkin (mobile_malware.rules)
2809082 - ETPRO EXPLOIT Mulesoft ESB Runtime 3.5.1 Privilege Escalation (exploit.rules)
2809084 - ETPRO TROJAN Infostealer.Limitail Stealing Info Via HTTP (trojan.rules)
2809085 - ETPRO TROJAN Trojan.Win32.Sefnit.C Install (trojan.rules)
2809086 - ETPRO WEB_SPECIFIC_APPS CreativeContact Plugin Arbitrary File Upload (web_specific_apps.rules)
2809087 - ETPRO TROJAN Trojan.Alnaddy Checkin (trojan.rules)
[///] Modified active rules: [///]

2011488 - ET FTP Suspicious Quotation Mark Usage in FTP Username (ftp.rules)
2017648 - ET CURRENT_EVENTS Possible Sweet Orange payload Request (current_events.rules)
2019418 - ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server) (current_events.rules)
2806561 - ETPRO POLICY Ultrasurf Proxy Anonymizer TLS ClientHello Attempt (policy.rules)
2809030 - ETPRO TROJAN Possibly Malicious DNS TXT Response Contains URL (trojan.rules)
[///] Modified inactive rules: [///]

2008547 - ET TROJAN PECompact2 Packed Binary - Sometimes Hostile (trojan.rules)
[---] Removed rules: [---]

2805844 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 1 sptr (trojan.rules)
2805845 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 2 brvc (trojan.rules)
2809067 - ETPRO TROJAN Win32/Sednit.L Checkin (trojan.rules)
Date: Monday, October 27, 2014 - 22:00