[***] Summary: [***]

16 new Open signatures, 20 new Pro (16 + 4). CryptoPHP Shell C2, Bamital, Sweet Orange.

Thanks: Kevin Ross, @foxit, @rmkml and @kafeine

[+++] Added rules: [+++]

Open:

2019748 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST (web_server.rules)
2019749 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST (fsockopen) (web_server.rules)
2019751 - ET CURRENT_EVENTS SweetOrange EK Landing Nov 19 2014 (current_events.rules)
2019752 - ET CURRENT_EVENTS Possible Sweet Orange CVE-2014-6332 Payload Request (current_events.rules)
2019753 - ET CURRENT_EVENTS Possible FlashPack (FlashOnly) Payload Struct Nov 19 2014 (current_events.rules)
2019754 - ET TROJAN Bamital Connectivity Check (trojan.rules)
2019755 - ET TROJAN Bamital Headers - Likely CnC Beacon (trojan.rules)
2019756 - ET TROJAN Bamital Checkin (trojan.rules)
2019757 - ET TROJAN Bamital Checkin Response 1 (trojan.rules)
2019758 - ET TROJAN Bamital Checkin Response 2 (trojan.rules)
2019759 - ET TROJAN Win32/Zemot Requesting PE (trojan.rules)
2019760 - ET TROJAN Rerdom/Asprox CnC Beacon (trojan.rules)
2019761 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Nov 20 2014 (current_events.rules)
2019762 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Nov 20 2014 (current_events.rules)
2019763 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Flash Exploit Nov 20 2014 (current_events.rules)
2019764 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Payload Nov 20 2014 (current_events.rules)

Pro:

2809224 - ETPRO WEB_SPECIFIC_APPS Paid Memberships Pro 1.7.14.2 Path Traversal Attempt (web_specific_apps.rules)
2809225 - ETPRO TROJAN Win32/Garveep.E Checkin (trojan.rules)
2809226 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ak Checkin (mobile_malware.rules)
2809227 - ETPRO TROJAN Win32/Joviddy.A Checkin via IRC (trojan.rules)

[///] Modified active rules: [///]

2808289 - ETPRO TROJAN Win32/Necurs Common POST Header Structure (trojan.rules)
2808986 - ETPRO WEB_CLIENT Possible malformed disk image transfer CVE-2014-4115 (web_client.rules)

[---] Removed rules: [---]

2809079 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)

Date: Wednesday, November 19, 2014 - 22:00