[***] Summary: [***]

17 new Open signatures, 24 new Pro (17 + 7). CVE-2014-6321, Centreon vuln, Dyre, Upatre.

Thanks: Kevin Ross.

[+++] Added rules: [+++]

Open:

2019821 - ET INFO WinHttpRequest (flowbits no alert) (info.rules)
2019822 - ET CURRENT_EVENTS WinHttpRequest Downloading EXE (current_events.rules)
2019823 - ET CURRENT_EVENTS WinHttpRequest Downloading EXE Non-Port 80 (Likely Exploit Kit) (current_events.rules)
2019824 - ET TROJAN W32/Hyteod.Downloader CnC Beacon (trojan.rules)
2019825 - ET POLICY Cryptexplorer API Check - Potential CoinMiner Traffic (policy.rules)
2019826 - ET TROJAN W32/Coinminer.Backdoor CnC Beacon (trojan.rules)
2019827 - ET TROJAN W32/Wadolin.Downloader CnC Beacon (trojan.rules)
2019828 - ET TROJAN Trojan/W32.KRBanker.60928.C Checkin (trojan.rules)
2019829 - ET TROJAN W32/Fin4.InfoStealer Uploading User Credentials CnC Beacon (trojan.rules)
2019830 - ET TROJAN Dridex v2 POST Checkin (trojan.rules)
2019831 - ET TROJAN W32/Syndicasec.Backdoor CnC Beacon (trojan.rules)
2019832 - ET TROJAN Possible Dyre SSL Cert (fake org name) (trojan.rules)
2019833 - ET TROJAN Possible Dyre SSL Cert (fake state) (trojan.rules)
2019834 - ET INFO Microsoft Compact Office Document Format File Download (info.rules)
2019835 - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (web_client.rules)
2019836 - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (web_client.rules)
2019837 - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) (web_client.rules)

Pro:

2809252 - ETPRO TROJAN W32/Tepfer.InfoStealer Dropping Files (trojan.rules)
2809253 - ETPRO WEB_SPECIFIC_APPS Centreon 2.5.3 and Below RCE (web_specific_apps.rules)
2809254 - ETPRO TROJAN Upatre Common URI Struct Dec 01 2014 (trojan.rules)
2809255 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 SSLv3 (exploit.rules)
2809256 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.0 (exploit.rules)
2809257 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.2 (exploit.rules)
2809258 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.2 (exploit.rules)

[///] Modified active rules: [///]

2011334 - ET MALWARE User-Agent (C\\WINDOWS\\system32\\NetLogom.exe) (malware.rules)
2019761 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Nov 20 2014 (current_events.rules)
2019763 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Flash Exploit Nov 20 2014 (current_events.rules)
2809207 - ETPRO TROJAN Backdoor.W32/OnionDuke.A Checkin (trojan.rules)

[---] Removed rules: [---]

2015677 - ET CURRENT_EVENTS Sakura exploit kit binary download request /out.php (current_events.rules)
2808095 - ETPRO TROJAN Trojan/W32.KRBanker.60928.C Checkin (trojan.rules)
2809250 - ETPRO TROJAN Possible Dyre SSL Cert (fake org name) (trojan.rules)

Date: Sunday, November 30, 2014 - 22:00