[***] Summary: [***]

11 new Open signatures, 13 new Pro (11+2). Nuclear EK, Archie EK, Miuref/Boaxxe.

Thanks: Jake Warren, FoxIT, @kafeine, @EKWatcher and @abuse_ch.

[+++] Added rules: [+++]

2019670 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019671 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019676 - ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 07 2014 (current_events.rules)
2019677 - ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct (current_events.rules)
2019678 - ET TROJAN Ursnif Checkin (trojan.rules)
2019679 - ET TROJAN Archie EK Payload Checkin POST (trojan.rules)
2019680 - ET TROJAN Possible Archie EK Payload Checkin GET (trojan.rules)
2019681 - ET CURRENT_EVENTS Operation Huyao Landing Page Nov 07 2014 (current_events.rules)
2019682 - ET CURRENT_EVENTS Operation Huyao Phishing Page Nov 07 2014 (current_events.rules)
2019683 - ET TROJAN Miuref/Boaxxe Checkin (trojan.rules)
2019684 - ET CURRENT_EVENTS Evil EK Redirector Cookie Nov 07 2014 (current_events.rules)

Pro:

2809131 - ETPRO MALWARE PUP Optimizer Pro Checkin (malware.rules)
2809132 - ETPRO TROJAN Win32.Yakes.hamc Checkin (trojan.rules)
[///] Modified active rules: [///]

2018998 - ET CURRENT_EVENTS Archie EK Landing Aug 24 2014 (current_events.rules)
2019666 - ET TROJAN OSX/WireLurker HTTP Request for www.comeinbaby.com (trojan.rules)
2019667 - ET TROJAN OSX/WireLurker DNS Query Domain www.comeinbaby.com (trojan.rules)
2808988 - ETPRO WEB_CLIENT Possible Internet Explorer Buffer use after free CVE-2014-4127 (web_client.rules)
[///] Modified inactive rules: [///]

2001407 - ET POLICY hidden zip extension .pif (policy.rules)
2001408 - ET POLICY hidden zip extension .scr (policy.rules)
[---] Removed rules: [---]

2807930 - ETPRO TROJAN Win32.Boaxxe Trojan Checkin (trojan.rules)

Date:
Summary title:
11 new Open signatures, 13 new Pro (11+2). Nuclear EK, Archie EK, Miuref/Boaxxe.