[***] Summary: [***]
15 new Open signatures, 19 new Pro (15+4). Sofacy, PoisonIvy, W32/ZxShell. Thanks: Kevin Ross, Eoin Miller and @rmkml

[+++] Added rules: [+++]
Open:
2019585 - ET TROJAN Sofacy HTTP Request msonlinelive.com (trojan.rules)
2019586 - ET TROJAN Sofacy DNS Lookup msonlinelive.com (trojan.rules)
2019587 - ET TROJAN W32/ZxShell Server Checkin Response (trojan.rules)
2019588 - ET TROJAN W32/ZxShell Checkin (trojan.rules)
2019589 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN Variant) (trojan.rules)
2019590 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN Variant) (trojan.rules)
2019591 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN Variant) (trojan.rules)
2019592 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN Variant) (trojan.rules)
2019593 - ET TROJAN PoisonIvy Keepalive to CnC (Operation SMN Variant) (trojan.rules)
2019594 - ET CURRENT_EVENTS FlashPack EK Plugin-Detect Post (current_events.rules)
2019595 - ET CURRENT_EVENTS FlashPack Payload Download Oct 29 (current_events.rules)
2019596 - ET CURRENT_EVENTS FlashPack Secondary Landing Oct 29 (current_events.rules)
2019597 - ET CURRENT_EVENTS DRIVEBY FakeSupport - Landing Page - Windows Firewall Warning (current_events.rules)
2019598 - ET CURRENT_EVENTS DRIVEBY FakeSupport - URI - windows-firewall.png (current_events.rules)
2019599 - ET CURRENT_EVENTS DRIVEBY FakeSupport - Landing Page - Operating System Check (current_events.rules)

Pro:
2809090 - ETPRO TROJAN Win32/Critroni Tor DNS Proxy lookup (trojan.rules)
2809091 - ETPRO TROJAN Win32/RpcBrute.A CnC (trojan.rules)
2809092 - ETPRO DOS Possible XMLRPC DoS in Progress (dos.rules)
2809093 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.FO Checkin (mobile_malware.rules)

[///] Modified active rules: [///]
2019539 - ET TROJAN Win32/Coreshell Checkin (APT28 Related) (trojan.rules)
2019542 - ET CURRENT_EVENTS Likely SweetOrange EK Java Exploit Struct (JAR) (current_events.rules)
2019545 - ET TROJAN Sofacy Request Outbound (trojan.rules)
2806662 - ETPRO DOS UDP Based DOS LOIC Low Orbit Ion Cannon Attack Default String (dos.rules)
2806663 - ETPRO DOS UDP Based D0S LOIC Low Orbit Ion Cannon Attack OUTBOUND Default String (dos.rules)
2806664 - ETPRO DOS TCP Based DOS LOIC Low Orbit Ion Cannon Attack Default String (dos.rules)
2806665 - ETPRO DOS TCP Based DOS LOIC Low Orbit Ion Cannon Attack OUTBOUND Default String (dos.rules)
2807856 - ETPRO TROJAN Possible Win32/Zbot.AHJ CnC Traffic (trojan.rules)
2808522 - ETPRO MALWARE PUP Win32/ELEX Checkin (malware.rules)
2808814 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC Response (trojan.rules)

[---] Removed rules: [---]
2003621 - ET MALWARE MyWay Spyware Posting Activity Report - Dell Related (malware.rules)
2806579 - ETPRO TROJAN DarkComet-RAT init connection 3 (trojan.rules)
Date: Tuesday, October 28, 2014 - 22:00