[***] Summary: [***]

35 new Open signatures, 39 new Pro (35 + 4). TorrentLocker, Anunak, Codiad LFI, CVE-2014-6332.

Thanks: @foxit and @EKWatcher.

[+++] Added rules: [+++]

Open:

2020031 - ET TROJAN Trojan.Nurjax Retrieving Domains via JS (trojan.rules)
2020032 - ET TROJAN Trojan.Nurjax Downloading PE (trojan.rules)
2020033 - ET TROJAN Possible Trojan.Nurjax SSL Cert (trojan.rules)
2020034 - ET TROJAN Trojan.Nurjax Checkin (trojan.rules)
2020035 - ET TROJAN DNS query for known Anunak APT Domain (great-codes.com) (trojan.rules)
2020036 - ET TROJAN DNS query for known Anunak APT Domain (adguard.name) (trojan.rules)
2020037 - ET TROJAN DNS query for known Anunak APT Domain (coral-trevel.com) (trojan.rules)
2020038 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice10.ru) (trojan.rules)
2020039 - ET TROJAN DNS query for known Anunak APT Domain (paradise-plaza.com) (trojan.rules)
2020040 - ET TROJAN DNS query for known Anunak APT Domain (worldnewsonline.pw) (trojan.rules)
2020041 - ET TROJAN DNS query for known Anunak APT Domain (update-java.net) (trojan.rules)
2020044 - ET TROJAN TorrentLocker DNS Lookup (allwayshappy.ru) (trojan.rules)
2020045 - ET TROJAN TorrentLocker DNS Lookup (casinoroyal7.ru) (trojan.rules)
2020046 - ET TROJAN TorrentLocker DNS Lookup (cryptdomain.dp.ua) (trojan.rules)
2020047 - ET TROJAN TorrentLocker DNS Lookup (deadwalk32.ru) (trojan.rules)
2020048 - ET TROJAN TorrentLocker DNS Lookup (doubleclickads.net) (trojan.rules)
2020049 - ET TROJAN TorrentLocker DNS Lookup (it-newsblog.ru) (trojan.rules)
2020050 - ET TROJAN TorrentLocker DNS Lookup (js-static.ru) (trojan.rules)
2020051 - ET TROJAN TorrentLocker DNS Lookup (lagosadventures.com) (trojan.rules)
2020052 - ET TROJAN TorrentLocker DNS Lookup (lebanonwarrior.ru) (trojan.rules)
2020053 - ET TROJAN TorrentLocker DNS Lookup (nigerianbrothers.net) (trojan.rules)
2020054 - ET TROJAN TorrentLocker DNS Lookup (octoberpics.ru) (trojan.rules)
2020055 - ET TROJAN TorrentLocker DNS Lookup (princeofnigeria.net) (trojan.rules)
2020056 - ET TROJAN TorrentLocker DNS Lookup (royalgourp.org) (trojan.rules)
2020057 - ET TROJAN TorrentLocker DNS Lookup (server38.info) (trojan.rules)
2020058 - ET TROJAN TorrentLocker DNS Lookup (ssl-server24.ru) (trojan.rules)
2020059 - ET TROJAN TorrentLocker DNS Lookup (tweeterplanet.ru) (trojan.rules)
2020060 - ET TROJAN TorrentLocker DNS Lookup (tweeter-stat.ru) (trojan.rules)
2020061 - ET TROJAN TorrentLocker DNS Lookup (updatemyhost.ru) (trojan.rules)
2020062 - ET TROJAN TorrentLocker DNS Lookup (walkingdead32.ru) (trojan.rules)
2020063 - ET TROJAN TorrentLocker DNS Lookup (worldnews247.net) (trojan.rules)
2020064 - ET TROJAN Dridex Post Check-in Activity (trojan.rules)
2020065 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice11.ru) (trojan.rules)
2020066 - ET TROJAN DNS query for known Anunak APT Domain (financialnewsonline.pw) (trojan.rules)
2020067 - ET CURRENT_EVENTS Possible CVE-2014-6332 Arrays with Offset Dec 23 (current_events.rules)

Pro:

2809381 - ETPRO WEB_SPECIFIC_APPS Codiad LFI Attempt (web_specific_apps.rules)
2809382 - ETPRO TROJAN PWS.Win32.Mujormel.B Reporting Infection via SMTP (trojan.rules)
2809383 - ETPRO TROJAN Win32/Teerac.A .onion Proxy Domain (humapzcmz744fe7y) (trojan.rules)
2809384 - ETPRO POLICY DNS Query to .onion Proxy Domain (gate2tor.org) (policy.rules)

[///] Modified active rules: [///]

2019881 - ET TROJAN Chthonic Check-in (trojan.rules)
2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (trojan.rules)

[---] Removed rules: [---]

2809330 - ETPRO TROJAN Trojan.Nurjax CnC (trojan.rules)

Date: Monday, December 22, 2014 - 22:00