[***] Summary: [***]

11 new Open signatures, 35 new Pro. MS Patch Tuesday, Dridex, Dyre, BillGates.

Thanks: Kevin Ross, Russell Fulton, tdzmont, @malwaresigs, @EKwatcher, @rmkml, @abuse_ch and @c_APT_ure.

[+++] Added rules: [+++]

2019691 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019692 - ET TROJAN Possible Emotet DGA NXDOMAIN Responses (trojan.rules)
2019693 - ET TROJAN Emotet Checkin (trojan.rules)
2019696 - ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014 (current_events.rules)
2019697 - ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014 (current_events.rules)
2019698 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Nov 11 2014 (current_events.rules)
2019699 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019700 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019701 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019702 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)
2019703 - ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014 (current_events.rules)

Pro:

2809140 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.BZ Checkin (mobile_malware.rules)
2809142 - ETPRO WEB_SERVER Microsoft Sharepoint XSS attempt (2014-4116) (web_server.rules)
2809143 - ETPRO WEB_CLIENT Possible Internet Explorer CSecurityContext Use-After-Free CVE-2014-4143 (web_client.rules)
2809144 - ETPRO WEB_CLIENT Possible Internet Explorer IE_AudioSrv_SandboxEscape (CVE-2014-6322) (web_client.rules)
2809145 - ETPRO WEB_CLIENT Possible Internet Explorer clipboardData Use-After-Free CVE-2014-6323 (web_client.rules)
2809147 - ETPRO WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
2809148 - ETPRO WEB_CLIENT Microsoft Word RCE (CVE-2014-6333) (web_client.rules)
2809149 - ETPRO WEB_CLIENT Microsoft Word RCE (CVE-2014-6334) (web_client.rules)
2809152 - ETPRO WEB_CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-6337 (web_client.rules)
2809153 - ETPRO WEB_CLIENT Microsoft Internet Explorer ASLR Bypass CVE-2014-6339 (web_client.rules)
2809154 - ETPRO WEB_CLIENT Possible Internet Explorer Cross-domain Information Disclosure CVE-2014-6340 (web_client.rules)
2809155 - ETPRO WEB_CLIENT Possible Internet Explorer CStyleSheet Use-After-Free CVE-2014-6341 (web_client.rules)
2809156 - ETPRO WEB_CLIENT Possible Internet Explorer out of bounds write RCE CVE-2014-6342 (web_client.rules)
2809157 - ETPRO WEB_CLIENT Possible Internet Explorer JavaScript parsing error Information Disclosure CVE-2014-6345 (web_client.rules)
2809158 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
2809159 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
2809160 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6347 (web_client.rules)
2809161 - ETPRO WEB_CLIENT Possible IE Memory Corruption Vulnerability CVE-2014-6351 (web_client.rules)
2809162 - ETPRO WEB_CLIENT IE Memory Corruption Vulnerability CVE-2014-6353 (web_client.rules)
2809163 - ETPRO CURRENT_EVENTS Win32 common ROP chain (current_events.rules)
2809164 - ETPRO MOBILE_MALWARE AndroidOS/Aks.B Checkin (mobile_malware.rules)
2809165 - ETPRO TROJAN BillGates Variant CnC (trojan.rules)
2809166 - ETPRO TROJAN W32/Ransom.JD Checkin (trojan.rules)
2809167 - ETPRO TROJAN Win32/Injector.BOIK Downloader Checkin (trojan.rules)

[///] Modified active rules: [///]

2019689 - ET CURRENT_EVENTS Job314 EK Landing Nov 10 2014 (current_events.rules)
2019690 - ET CURRENT_EVENTS Archie EK Landing Nov 10 2014 (current_events.rules)
2808199 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DZ Checkin (mobile_malware.rules)
2809079 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)
