[***] Summary: [***]

15 new Open signatures, 27 new Pro (15 + 12). Angler, RIG, Anunak, Obsecure360 SQLi. These updates were posted throughout the holidays.

Thanks: @kafeine, @jaimeblascob, @EKwatcher and @abuse_ch.

[+++] Added rules: [+++]

Open:

Dec 24:
2020068 - ET CURRENT_EVENTS Angler EK Dec 24 2014 (current_events.rules)

Dec 26:
2020069 - ET TROJAN TROJ_WHAIM.A message (trojan.rules)
2020070 - ET TROJAN Unknown Dropped by RIG EK (trojan.rules)

Dec 29:
2020071 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (6) (current_events.rules)
2020072 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (7) (current_events.rules)
2020073 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice11.ru) (trojan.rules)
2020074 - ET TROJAN DNS query for known Anunak APT Domain (financialnewsonline.pw) (trojan.rules)
2020075 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2020076 - ET TROJAN Andromeda Checkin Dec 29 2014 (trojan.rules)
2020077 - ET TROJAN Kronos Checkin M2 (trojan.rules)
2020078 - ET TROJAN RocketKitten APT Checkin (trojan.rules)
2020079 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2020080 - ET TROJAN Kronos Checkin (trojan.rules)
2020081 - ET TROJAN Win32.Akdoor Reporting MAC Address (trojan.rules)

Pro:

Dec 29:
2809385 - ETPRO TROJAN Win32/Injector.BOVV .onion Proxy Domain (trojan.rules)
2809386 - ETPRO TROJAN PWS.Win32.Mujormel.A Reporting Infection via SMTP (trojan.rules)
2809387 - ETPRO TROJAN Win32/PSW.Papras.DS Checkin (trojan.rules)
2809388 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules)
2809389 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin (mobile_malware.rules)
2809390 - ETPRO TROJAN Win32/Filecoder.DA .onion Proxy Domain (trojan.rules)
2809391 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin (mobile_malware.rules)
2809392 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin (trojan.rules)
2809393 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin Response (trojan.rules)
2809394 - ETPRO TROJAN Win32/Tikuffed.U Checkin (trojan.rules)
2809395 - ETPRO WEB_SPECIFIC_APPS Obsecure360 SQLi Attempt (web_specific_apps.rules)
2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP (mobile_malware.rules)

[///] Modified active rules: [///]

2013511 - ET TROJAN Win32/CazinoSilver Checkin (trojan.rules)
2809278 - ETPRO MALWARE Win32/Adware.Adpeak.Q Checkin (malware.rules)

[---] Disabled and modified rules: [---]

2010341 - ET WEB_SPECIFIC_APPS OS Commerce 2.2 RC2 Potential Anonymous Remote Code Execution (web_specific_apps.rules)

Date: Sunday, December 28, 2014 - 22:00