[***] Summary: [***]

46 new Open signatures, 53 new Pro. US-CERT TA14-353A, Anunak, Angler, CVE-2014-6324.

Emerging Threats received multiple requests to add the signatures from US-CERT alert TA14-353A. Note that ET did very little validation of these signatures because samples were not available.

Thanks: Kevin Ross, @USCERT_gov, @kafeine, @EKWatcher, @foxit, @GroupIB.

[+++] Added rules: [+++]

2019985 - ET TROJAN Tendrit CnC Beacon 1 (trojan.rules)
2019986 - ET TROJAN Tendrit CnC Beacon 2 (trojan.rules)
2019987 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019988 - ET POLICY DNS Query for Invisible Internet Project Domain (I2P) (policy.rules)
2019989 - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Video (current_events.rules)
2019990 - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Player (current_events.rules)
2019991 - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Search (current_events.rules)
2019992 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (4) (current_events.rules)
2019993 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (5) (current_events.rules)
2019994 - ET TROJAN US-CERT TA14-353A Wiper 2 (trojan.rules)
2019995 - ET TROJAN US-CERT TA14-353A Listening Implant 1 (trojan.rules)
2019996 - ET TROJAN US-CERT TA14-353A Listening Implant 2 (trojan.rules)
2019997 - ET TROJAN US-CERT TA14-353A Listening Implant 3 (trojan.rules)
2019998 - ET TROJAN US-CERT TA14-353A Listening Implant 4 (trojan.rules)
2019999 - ET TROJAN US-CERT TA14-353A Listening Implant 5 (trojan.rules)
2020000 - ET TROJAN US-CERT TA14-353A Listening Implant 6 (trojan.rules)
2020001 - ET TROJAN US-CERT TA14-353A Listening Implant 7 (trojan.rules)
2020002 - ET TROJAN US-CERT TA14-353A Listening Implant 8 (trojan.rules)
2020003 - ET TROJAN US-CERT TA14-353A Listening Implant 9 (trojan.rules)
2020004 - ET TROJAN US-CERT TA14-353A Listening Implant 10 (trojan.rules)
2020005 - ET TROJAN US-CERT TA14-353A Listening Implant 11 (trojan.rules)
2020006 - ET TROJAN US-CERT TA14-353A Listening Implant 12 (trojan.rules)
2020007 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 1 (trojan.rules)
2020008 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 2 (trojan.rules)
2020009 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 3 (trojan.rules)
2020010 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 4 (trojan.rules)
2020011 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 5 (trojan.rules)
2020012 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 6 (trojan.rules)
2020013 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 7 (trojan.rules)
2020014 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 8 (trojan.rules)
2020015 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 9 (trojan.rules)
2020016 - ET TROJAN US-CERT TA14-353A Lightweight Backdoor 10 (trojan.rules)
2020017 - ET TROJAN US-CERT TA14-353A Proxy Tool 1 (trojan.rules)
2020018 - ET TROJAN US-CERT TA14-353A Proxy Tool 2 (trojan.rules)
2020019 - ET TROJAN US-CERT TA14-353A Proxy Tool 3 (trojan.rules)
2020020 - ET TROJAN US-CERT TA14-353A WIPER4 (trojan.rules)
2020021 - ET TROJAN Possible Operation Poisoned Helmand jar download (trojan.rules)
2020022 - ET TROJAN Possible VirLock Connectivity Check (trojan.rules)
2020023 - ET TROJAN US-CERT TA14-353A Network Propagation Wiper (trojan.rules)
2020024 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 1 (trojan.rules)
2020025 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2 (trojan.rules)
2020026 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT TCP Keep-Alive (trojan.rules)
2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (trojan.rules)
2020028 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response 1 (trojan.rules)
2020029 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 2 (trojan.rules)
2020030 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response 2 (trojan.rules)

Pro:

2809374 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fz Checkin (mobile_malware.rules)
2809375 - ETPRO MOBILE_MALWARE AndroidOS.Riskware.DroidCoupon Checkin 2 (mobile_malware.rules)
2809376 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.lt Checkin (mobile_malware.rules)
2809377 - ETPRO TROJAN Win32/Darkddoser.C Checkin (trojan.rules)
2809378 - ETPRO TROJAN Autoit.F Checkin (trojan.rules)
2809379 - ETPRO TROJAN Win32/Laimfin.A Checkin (trojan.rules)
2809380 - ETPRO EXPLOIT Possible CVE-2014-6324 Priv escalation attempt (exploit.rules)

[///] Modified active rules: [///]

2019163 - ET TROJAN W32/Alina.POS-Trojan Checkin (trojan.rules)
2806027 - ETPRO TROJAN Win32/Aybo.A Checkin (trojan.rules)
2807995 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.BS Checkin (mobile_malware.rules)
2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)

[---] Removed rules: [---]

2018473 - ET TROJAN W32/Alina.POS-Trojan CnC Beacon (trojan.rules)

Date: Sunday, December 21, 2014 - 22:00