[***] Summary: [***]

15 new Open signatures, 27 new Pro (15 + 12). Angler, RIG, Anunak, Obsecure360 SQLi.

These updates were posted throughout the holidays.

Thanks: @kafeine, @jaimeblascob, @EKwatcher and @abuse_ch.

[+++] Added rules: [+++]

Open:

Dec 24:

2020068 - ET CURRENT_EVENTS Angler EK Dec 24 2014 (current_events.rules)

Dec 26:

2020069 - ET TROJAN TROJ_WHAIM.A message (trojan.rules)
2020070 - ET TROJAN Unknown Dropped by RIG EK (trojan.rules)

Dec 29:

2020071 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (6) (current_events.rules)
2020072 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (7) (current_events.rules)
2020073 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice11.ru) (trojan.rules)
2020074 - ET TROJAN DNS query for known Anunak APT Domain (financialnewsonline.pw) (trojan.rules)
2020075 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2020076 - ET TROJAN Andromeda Checkin Dec 29 2014 (trojan.rules)
2020077 - ET TROJAN Kronos Checkin M2 (trojan.rules)
2020078 - ET TROJAN RocketKitten APT Checkin (trojan.rules)
2020079 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2020080 - ET TROJAN Kronos Checkin (trojan.rules)
2020081 - ET TROJAN Win32.Akdoor Reporting MAC Address (trojan.rules)

Pro:

Dec 29:

2809385 - ETPRO TROJAN Win32/Injector.BOVV .onion Proxy Domain (trojan.rules)
2809386 - ETPRO TROJAN PWS.Win32.Mujormel.A Reporting Infection via SMTP (trojan.rules)
2809387 - ETPRO TROJAN Win32/PSW.Papras.DS Checkin (trojan.rules)
2809388 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
2809389 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin (mobile_malware.rules)
2809390 - ETPRO TROJAN Win32/Filecoder.DA .onion Proxy Domain (trojan.rules)
2809391 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin (mobile_malware.rules)
2809392 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin (trojan.rules)
2809393 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin Response (trojan.rules)
2809394 - ETPRO TROJAN Win32/Tikuffed.U Checkin (trojan.rules)
2809395 - ETPRO WEB_SPECIFIC_APPS Obsecure360 SQLi Attempt (web_specific_apps.rules)
2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP (mobile_malware.rules)

[///] Modified active rules: [///]

2013511 - ET TROJAN Win32/CazinoSilver Checkin (trojan.rules)
2809278 - ETPRO MALWARE Win32/Adware.Adpeak.Q Checkin (malware.rules)

[---] Disabled and modified rules: [---]

2010341 - ET WEB_SPECIFIC_APPS OS Commerce 2.2 RC2 Potential Anonymous Remote Code Execution (web_specific_apps.rules)
