Daily Ruleset Update Summary 2015/06/25

[***] Summary: [***]

2 new Open, 19 new Pro (2 + 17). b374k Shell, Win32/Delf, Flash CVE-2015-3113, ES CVE-2015-1427 Exploit Campaign.

Thanks: @kafeine and @MalwareMustDie.

[+++] Added rules: [+++]

Open:

2021351 - ET CURRENT_EVENTS Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate (current_events.rules)
2021352 - ET TROJAN ELF.DES.Downloader Request (trojan.rules)

Pro:

2811692 - ETPRO WEB_SERVER Possible b374k 2.2/8 Shell Upload (web_server.rules)
2811693 - ETPRO WEB_SERVER Possible b374k 2.2/8 Shell Access (phpinfo) (web_server.rules)
2811694 - ETPRO WEB_SERVER Possible b374k 2.2/8 Shell Access (eval) (web_server.rules)
2811695 - ETPRO TROJAN Win32/Delf.SPE Downloader CnC Beacon (trojan.rules)
2811696 - ETPRO TROJAN Win32/Delf.SPE Downloader Requesting File (trojan.rules)
2811697 - ETPRO TROJAN Win32/Delf.SPE Downloader CnC Beacon Response (trojan.rules)
2811698 - ETPRO TROJAN Win32/Delf.SPE Downloader CnC (trojan.rules)
2811699 - ETPRO WEB_CLIENT Possible Adobe Flash CVE-2015-3113 in FLV 1 (web_client.rules)
2811700 - ETPRO WEB_CLIENT Possible Adobe Flash CVE-2015-3113 in FLV 2 (web_client.rules)
2811701 - ETPRO WEB_CLIENT Possible Adobe Flash CVE-2015-3113 in FLV 3 (web_client.rules)
2811702 - ETPRO WEB_SERVER b374k 3.x Shell Upload (web_server.rules)
2811703 - ETPRO WEB_SERVER b374k 3.x Shell Access (web_server.rules)
2811704 - ETPRO TROJAN CoinMiner Known malicious stratum authline (3c1b0c00) (trojan.rules)
2811705 - ETPRO TROJAN CoinMiner Known malicious stratum authline (50ceb800) (trojan.rules)
2811706 - ETPRO TROJAN CoinMiner Known malicious stratum authline (4f614000) (trojan.rules)
2811707 - ETPRO TROJAN CoinMiner Known malicious stratum authline (4faa1a03) (trojan.rules)
2811708 - ETPRO MALWARE W32.Adware.Wuword.Auto Checkin (malware.rules)


[///] Modified active rules: [///]

2811175 - ETPRO TROJAN Luminosity Link RAT CnC Beacon Inbound (trojan.rules)
2811688 - ETPRO TROJAN Win32/Zegost.DG CnC traffic (OUTBOUND) (trojan.rules)


[---] Removed rules: [---]

2811343 - ETPRO TROJAN Win32/Delf.SPE Downloader CnC Beacon (trojan.rules)

Date: Thursday, June 25, 2015 - 00:00