Kevin Ross | 5 Mar 12:41 2015

SIGS: ET MALWARE W32/WinWrapper.Adware

Hi,

Here is a piece of adware I found coming in.

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/WinWrapper.Adware Initial Install Beacon"; flow:established,to_server; content:"/advplatform/api.cgi?act="; http_uri; content:"&appid="; http_uri; content:"&ts="; http_uri; content:"&dlip="; http_uri; content:"&dlid="; http_uri; content:"&proto="; http_uri; content:"User-Agent|3A| NSIS_Inetc (Mozilla)"; http_header; fast_pattern:12,20; classtype:trojan-activity; reference:md5,2d71e44c02784d579fb4af18bbbeae6c; sid:156911; rev:1;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/WinWrapper.Adware POST CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3A| NSIS_Inetc (Mozilla)"; http_header; fast_pattern:12,20; content:"{|22|uuId|22 3A 22|; http_client_body; depth:9; content:"|22|cid|22 3A 22|"; http_client_body; distance:0; content:"|22|appId|22 3A 22|"; http_client_body; distance:0; content:"|22|dlts|22 3A 22|"; http_client_body; distance:0; content:"|22|env|22 3A 22|"; http_client_body; distance:0; content:"|22|dlip|22 3A 22|"; http_client_body; distance:0; classtype:trojan-activity; reference:md5,2d71e44c02784d579fb4af18bbbeae6c; sid:156912; rev:1;)

Kind Regards,
Kevin Ross
<div><div dir="ltr"><div>Hi,<br><br>Here is a piece of adware I found coming in.<br><br>alert http $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"ET MALWARE W32/WinWrapper.Adware Initial Install Beacon"; flow:established,to_server; content:"/advplatform/api.cgi?act="; http_uri; content:"&amp;appid="; http_uri; content:"&amp;ts="; http_uri; content:"&amp;dlip="; http_uri; content:"&amp;dlid="; http_uri; content:"&amp;proto="; http_uri; content:"User-Agent|3A| NSIS_Inetc (Mozilla)"; http_header; fast_pattern:12,20; classtype:trojan-activity; reference:md5,2d71e44c02784d579fb4af18bbbeae6c; sid:156911; rev:1;)<br><br>alert http $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"ET MALWARE W32/WinWrapper.Adware POST CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3A| NSIS_Inetc (Mozilla)"; http_header; fast_pattern:12,20; content:"{|22|uuId|22 3A 22|; http_client_body; depth:9; content:"|22|cid|22 3A 22|"; http_client_body; distance:0; content:"|22|appId|22 3A 22|"; http_client_body; distance:0; content:"|22|dlts|22 3A 22|"; http_client_body; distance:0; content:"|22|env|22 3A 22|"; http_client_body; distance:0; content:"|22|dlip|22 3A 22|"; http_client_body; distance:0; classtype:trojan-activity; reference:md5,2d71e44c02784d579fb4af18bbbeae6c; sid:156912; rev:1;)<br><br>Kind Regards,<br>Kevin Ross<br>
</div></div></div>
Francis Trudeau | 5 Mar 02:17 2015
Picon

Daily Ruleset Update Summary 2015/03/04

 [***] Summary: [***]

 16 new Open signatures, 30 new Pro (16 + 14).  CryptoFortress,
PCRat/Gh0st, CryptoWall.

 Thanks:  tdzmont, Kevin Ross,  <at> malwaresigs and  <at> kafeine.

 [+++]          Added rules:          [+++]

 Open:

  2020605 - ET CURRENT_EVENTS - WindowBase64.atob Function In Edwards
Packed JavaScript, Possible iFrame Injection Detected
(current_events.rules)
  2020606 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 47 (trojan.rules)
  2020607 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 48 (trojan.rules)
  2020608 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 49 (trojan.rules)
  2020609 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 50 (trojan.rules)
  2020610 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 51 (trojan.rules)
  2020611 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 52 (trojan.rules)
  2020612 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 53 (trojan.rules)
  2020613 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 54 (trojan.rules)
  2020614 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 55 (trojan.rules)
  2020615 - ET TROJAN Teerac/CryptoFortress .onion Proxy Domain
(3v6e2oe5y5ruimpe) (trojan.rules)
  2020616 - ET TROJAN Teerac/CryptoFortress .onion Proxy Domain
(h63rbx7gkd3gygag) (trojan.rules)
  2020617 - ET POLICY DNS Query to .onion Proxy Domain
(connect2tor.org) (policy.rules)
  2020618 - ET POLICY DNS Query to .onion proxy Domain (torstorm.org)
(policy.rules)
  2020619 - ET POLICY DNS Query to .onion proxy Domain
(bolistatapay.com) (policy.rules)
  2020620 - ET POLICY DNS Query to .onion proxy Domain
(sshowmethemoney.com) (policy.rules)

 Pro:

  2809929 - ETPRO TROJAN Win32/Delf Variant CnC Beacon (trojan.rules)
  2809930 - ETPRO WEB_SPECIFIC_APPS WP Photocrati Theme 4.x.x SQLi
Attempt (web_specific_apps.rules)
  2809931 - ETPRO TROJAN Wqlspy-A CnC Beacon 1 (trojan.rules)
  2809932 - ETPRO TROJAN Wqlspy-A CnC Beacon 2 (trojan.rules)
  2809933 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeDoc.a Checkin
(mobile_malware.rules)
  2809934 - ETPRO CURRENT_EVENTS Possible CryptoWall Redirect Campaign
March 4 2015 (current_events.rules)
  2809935 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A Checkin
(mobile_malware.rules)
  2809936 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 4
(mobile_malware.rules)
  2809937 - ETPRO WEB_SPECIFIC_APPS WP Calculated Fields Plugin 1.0.10
SQLi Attempt (web_specific_apps.rules)
  2809938 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.hc Checkin
(mobile_malware.rules)
  2809939 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(tisoyhcp2y52ioyk) (trojan.rules)
  2809940 - ETPRO TROJAN Teerac/CryptoFortress .onion Proxy Domain
(4ptyziqllh5iyhx4) (trojan.rules)
  2809941 - ETPRO MOBILE_MALWARE Android.Trojan.Ewalls.C Checkin
(mobile_malware.rules)
  2809942 - ETPRO TROJAN Win32/TrojanDownloader.Hancitor.B .onion
Proxy Domain (trojan.rules)

 [///]     Modified active rules:     [///]

  2018604 - ET TROJAN Andromeda Downloading Module (trojan.rules)
  2018951 - ET TROJAN Tor Based Locker Page (Torrentlocker) (trojan.rules)
  2019378 - ET TROJAN Rovnix Checkin (trojan.rules)
  2019457 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
  2019693 - ET TROJAN Emotet Checkin (trojan.rules)
  2808853 - ETPRO TROJAN W32/Banker.GAJ!tr Checkin via SMTP (trojan.rules)

 [///]    Modified inactive rules:    [///]

  2020520 - ET ATTACK_RESPONSE Microsoft SQL error in HTTP response,
possible SQL injection point (attack_response.rules)

 [---]         Removed rules:         [---]

  2000905 - ET MALWARE FlashPoint Agent Retrieving New Code (malware.rules)
  2809707 - ETPRO TROJAN Win32/Filecoder.EM .onion Proxy Domain (trojan.rules)
Kevin Ross | 4 Mar 21:55 2015

SIG: Dridex Sigs

Just reading from a Cisco blog on this. I haven't seen these patterns in Dridex traffic or this download EXE in my encounters with the macro documents or Dridex (and and FYI if you are using oletools to extract the download patterns from the office document this modified cuckoobox now has oletools added into the static analysis to support office documents https://github.com/brad-accuvant/cuckoo-modified as shown in screenshot).

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Dridex EXE Download Request dhoei.exe"; flow:established,to_server; content:"/dhoei.exe"; http_uri; fast_pattern:only; classtype:trojan-activity; reference:url,blogs.cisco.com/security/dridex-attacks-target-corporate-accounting; sid:156991; rev:1;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dridex Malformed Image Accept Header Detected"; flow:established,to_server; content:"Accept|3A| image/**"; http_header; fast_pattern:only; classtype:trojan-activity; reference:url,blogs.cisco.com/security/dridex-attacks-target-corporate-accounting; sid:156992; rev:1;)


Kind Regards,
Kevin Ross
<div><div dir="ltr">
<div>
<div>
<div>Just reading from a Cisco blog on this. I haven't seen these patterns in Dridex traffic or this download EXE in my encounters with the macro documents or Dridex (and and FYI if you are using oletools to extract the download patterns from the office document this modified cuckoobox now has oletools added into the static analysis to support office documents <a href="https://github.com/brad-accuvant/cuckoo-modified">https://github.com/brad-accuvant/cuckoo-modified</a> as shown in screenshot).<br>
</div>
<div>
<br>alert http $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Dridex EXE Download Request dhoei.exe"; flow:established,to_server; content:"/dhoei.exe"; http_uri; fast_pattern:only; classtype:trojan-activity; reference:url,<a href="http://blogs.cisco.com/security/dridex-attacks-target-corporate-accounting">blogs.cisco.com/security/dridex-attacks-target-corporate-accounting</a>; sid:156991; rev:1;)<br><br>
</div>alert http $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"ET TROJAN Dridex Malformed Image Accept Header Detected"; flow:established,to_server; content:"Accept|3A| image/**"; http_header; fast_pattern:only; classtype:trojan-activity; reference:url,<a href="http://blogs.cisco.com/security/dridex-attacks-target-corporate-accounting">blogs.cisco.com/security/dridex-attacks-target-corporate-accounting</a>; sid:156992; rev:1;)<br><br><br>
</div>Kind Regards,<br>
</div>Kevin Ross<br>
</div></div>
Francis Trudeau | 4 Mar 01:16 2015
Picon

Daily Ruleset Update Summary 2015/03/03

 [***] Summary: [***]

 19 new Open signatures, 27 new Pro (19 + 8).  Angler, PCRat/GhOst,
Spy.Shiz, Banload.

 Thanks:   <at> malwaresigs,  <at> ekwatcher and  <at> rmkml

 [+++]          Added rules:          [+++]

 Open:

  2020586 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 46 (trojan.rules)
  2020587 - ET CURRENT_EVENTS Possible Scam - FakeAV Alert Request
March 2 2015 (current_events.rules)
  2020588 - ET CURRENT_EVENTS Possible Scam - FakeAV Alert Landing
March 2 2015 (current_events.rules)
  2020589 - ET CURRENT_EVENTS Possible Scam - FakeAV Alert Landing
March 2 2015 (current_events.rules)
  2020590 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(ping.ccp) 2015-1187 (exploit.rules)
  2020591 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (12)
(current_events.rules)
  2020592 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (13)
(current_events.rules)
  2020593 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (14)
(current_events.rules)
  2020594 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (15)
(current_events.rules)
  2020595 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (16)
(current_events.rules)
  2020596 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (17)
(current_events.rules)
  2020597 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (18)
(current_events.rules)
  2020598 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (19)
(current_events.rules)
  2020599 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (20)
(current_events.rules)
  2020600 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (21)
(current_events.rules)
  2020601 - ET TROJAN Agent.bnrb Retrieving DLL (trojan.rules)
  2020602 - ET TROJAN LogPOS Sending Data (trojan.rules)
  2020603 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(fwupdate.cpp) 2015-1187 (exploit.rules)
  2020604 - ET CURRENT_EVENTS Likely Blackhole eval haha (current_events.rules)

 Pro:

  2809921 - ETPRO WEB_SPECIFIC_APPS WP Holding Pattern 0.6 Shell
Upload Attempt (web_specific_apps.rules)
  2809922 - ETPRO EXPLOIT Samba >= 3.5 CVE 2015-0240 Request (exploit.rules)
  2809923 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2809924 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2809925 - ETPRO TROJAN Win32/Spy.Shiz.NCO SSL Cert (trojan.rules)
  2809926 - ETPRO TROJAN Win32/TrojanProxy.Agent.AU Checkin (trojan.rules)
  2809927 - ETPRO TROJAN Win32.Banload.cwca Download Request (trojan.rules)
  2809928 - ETPRO TROJAN PCRat/Gh0st CnC Beacon Request (A1CEA) (trojan.rules)

 [///]     Modified active rules:     [///]

  2020583 - ET EXPLOIT Seagate Business NAS Unauthenticated Remote
Command Execution (exploit.rules)
  2809849 - ETPRO TROJAN Win32/Swrort.A Covert DNS CnC Channel TXT
Response (tcp) (trojan.rules)

 [---]         Removed rules:         [---]

  2001529 - ET MALWARE Casalemedia Access, Likely Spyware (malware.rules)
  2104469 - ET CURRENT_EVENTS Likely Blackhole eval haha (current_events.rules)
Francis Trudeau | 3 Mar 00:18 2015
Picon

Daily Ruleset Update Summary 2015/03/02

 [***] Summary: [***]

 4 new Open signatures, 15 new Pro.  Seagate Business NAS RCE, Sweet
Orange, Chanitor, PCMan FTP RCE.

 Thanks:   <at> abuse_ch

 [+++]          Added rules:          [+++]

 Open:

  2020582 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
detected (CryptoLocker CnC) (trojan.rules)
  2020583 - ET EXPLOIT Seagate Business NAS Unauthenticated Remote
Command Execution (exploit.rules)
  2020584 - ET CURRENT_EVENTS Sweet Orange EK Flash Exploit IE March
03 2015 (current_events.rules)
  2020585 - ET EXPLOIT PCMan FTP Server 2.0.7 Remote Command Execution
(exploit.rules)

 Pro:

  2809910 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AIS Checkin
(mobile_malware.rules)
  2809911 - ETPRO TROJAN Ransom.Win32/Teerac.A DNS Lookup
(bizdocassist.ru) (trojan.rules)
  2809912 - ETPRO MOBILE_MALWARE Android.Trojan.Gfs.A Checkin 2
(mobile_malware.rules)
  2809913 - ETPRO TROJAN MSIL/SPY.AGENT.ACY Checkin (trojan.rules)
  2809914 - ETPRO TROJAN Chanitor .onion Proxy Domain (trojan.rules)
  2809915 - ETPRO TROJAN Win32/Laziok.A Checkin (trojan.rules)
  2809916 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.CP Checkin
(mobile_malware.rules)
  2809917 - ETPRO MOBILE_MALWARE Android/Ozotshielder.A Checkin 2
(mobile_malware.rules)
  2809918 - ETPRO MOBILE_MALWARE Android SMSreg-XP Checkin
(mobile_malware.rules)
  2809919 - ETPRO TROJAN Win32/Emudbot Checkin (trojan.rules)
  2809920 - ETPRO TROJAN Win32/Expiro.Q Checkin (trojan.rules)

 [///]     Modified active rules:     [///]

  2809810 - ETPRO CURRENT_EVENTS Angler EK Landing T1 Feb 16 2015 M2
(current_events.rules)
  2809811 - ETPRO CURRENT_EVENTS Angler EK Landing T1 Feb 16 2015 M2
(current_events.rules)
  2809812 - ETPRO CURRENT_EVENTS Angler EK Flash T1 Feb 16 2015 M2
(current_events.rules)
  2809813 - ETPRO CURRENT_EVENTS Angler EK Flash T1 Feb 16 2015 M3
(current_events.rules)
  2809814 - ETPRO CURRENT_EVENTS Angler EK SilverLight T1 Feb 16 2015
M2 (current_events.rules)
  2809815 - ETPRO CURRENT_EVENTS Angler EK Payload T1 Feb 16 2015 M2
(current_events.rules)
  2809849 - ETPRO TROJAN Win32/Swrort.A Covert DNS CnC Channel TXT
Response (tcp) (trojan.rules)
  2809861 - ETPRO TROJAN Sharik CnC Beacon (trojan.rules)
Kevin Ross | 2 Mar 21:59 2015

SIG: ET CURRENT_EVENTS Malvertising Campaign SWF Flash Request

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Malvertising Campaign SWF Flash Request"; flow:established,to_server; content:"/user_"; http_uri; content:"_camp_"; http_uri; content:".swf"; http_uri; pcre:"/^\x2Fuser\x5F\d{4}\x5Fcamp\x5F\d{4}\x5F[a-f0-9]{10,}\x2Eswf$/U"; classtype:trojan-activity; reference:url,www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html; reference:cve,2014-0569; sid:169991; rev:1;)

Kind Regards,
Kevin Ross
<div><div dir="ltr">
<div>
<div>alert http $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Malvertising Campaign SWF Flash Request"; flow:established,to_server; content:"/user_"; http_uri; content:"_camp_"; http_uri; content:".swf"; http_uri; pcre:"/^\x2Fuser\x5F\d{4}\x5Fcamp\x5F\d{4}\x5F[a-f0-9]{10,}\x2Eswf$/U"; classtype:trojan-activity; reference:url,<a href="http://www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html">www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html</a>; reference:cve,2014-0569; sid:169991; rev:1;)<br><br>
</div>Kind Regards,<br>
</div>Kevin Ross<br>
</div></div>
Matt Jonkman | 2 Mar 14:47 2015
Picon

Emerging Threats is now part of Proofpoint

On March 2, 2015, Proofpoint Inc. (NASDAQ:PFPT) announced it entered into a definitive agreement to acquire Emerging Threats. We are extremely excited for what this means to our vision and for our customers. While operating as a small company provided a number of important benefits to customers, our ability to address many of your product requests was limited simply due to the scale of our organization. As part of a much larger company, we will be in a much better position to address your needs and fulfill our vision for our products.
                       
                       

 

To our Valued Open Source Community

On March 2, 2015, Proofpoint announced it entered into a definitive agreement to acquire Emerging Threats.

Some of you may be wondering whether, with this acquisition, Emerging Threats (Proofpoint) will continue to support the Emerging Threats open community, the ET Open ruleset, and the OISF.

The answer is a definite yes! 

As you know, the open source community is a major part of Emerging Threats and has been a huge contributor to its success. The community started approximately 13 years ago, sharing ideas in an effort to develop an open IDS ruleset. About 5 years ago Emerging Threats created a commercial ruleset with a dedicated team of researchers that built upon the open ruleset and added support for the Suricata platform. Emerging Threats still provides the quality assurance and distribution infrastructure for the ET Open IPS/IDS ruleset, which is distributed to more than 20,000 organizations and individuals daily at no cost.

In addition, Emerging Threats has been a significant contributor to the Open Information Security Foundation (OISF) and Suricata, the next generation open source IPS/IDS engine. Emerging Threats’ founder Matt Jonkman is also president of the OISF.

Proofpoint Inc. (NASDAQ:PFPT) is a highly complementary partner, from both a technology and cultural perspective. Proofpoint is leading security-as-a-service provider that focuses on solutions for email, threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.

Like Emerging Threats, Proofpoint also has a history of using, contributing to and generally supporting various open source initiatives since their inception as a company.  As a recent example, consider Proofpoint’s 2013 acquisition of Sendmail as a testament to how Proofpoint continues to emphatically contribute to and support related open source communities on a corporate and individual engineering level post-acquisition. 

Again, we’re committed to the community, and invested for the long term. We welcome any questions, concerns, and comments about the future of the Emerging Threats open community and our involvement in the OISF.

Please reach out to either of us if you wish to discuss further. Thank you for continuing to allow us to enthusiastically support and be a part of this vibrant group.

Sincerely yours, 

Matt Jonkman, CTO and Founder, Emerging Threats

Gary Steele, CEO, Proofpoint

Learn More

   
 
   
   
 

 

Share the News
    
<at> media print{#_hs { background-image: url('<a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*VvLj9d6QnxBXW7p8MrB7wW9FM0/5/f18dQhb0SkX45gqmBLN6Hvt4pHzhkrW6vdHYy4LRT6BW2mp9f_4-tC2kW4Pw4J12sbPxnVg-RRY2Hy3N-W41Xj0l6tMNfxW3VNRyW3sqfGCW2-FxKJ1QjcLtW24ZpG653r51_VWWbfX2WdH7mW4jMwnZ5-6348W5nhy-N6SmN6vW5_6_YL1sj6b1V7WxHX4C6nKx102'" class="">http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*VvLj9d6QnxBXW7p8MrB7wW9FM0/5/f18dQhb0SkX45gqmBLN6Hvt4pHzhkrW6vdHYy4LRT6BW2mp9f_4-tC2kW4Pw4J12sbPxnVg-RRY2Hy3N-W41Xj0l6tMNfxW3VNRyW3sqfGCW2-FxKJ1QjcLtW24ZpG653r51_VWWbfX2WdH7mW4jMwnZ5-6348W5nhy-N6SmN6vW5_6_YL1sj6b1V7WxHX4C6nKx102');}} div.OutlookMessageHeader {background-image:url('<a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class="">http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} table.moz-email-headers-table {background-image:url('<a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class="">http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} blockquote #_hs {background-image:url('<a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class="">http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} #MailContainerBody #_hs {background-image:url('<a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class="">http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')}
_______________________________________________
Etpro-sigs mailing list
Etpro-sigs-QLpEr2logwxONy2houXFdO9NwHtMwxe5XqFh9Ls21Oc@public.gmane.org
https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs
<div>

        
        <div class="">On March 2, 2015, Proofpoint Inc. (NASDAQ:PFPT) announced it entered into a definitive agreement to acquire Emerging Threats.  We are extremely excited for what this means to our vision and for our customers.  While operating as a small company provided a number of important benefits to customers, our ability to address many of your product requests was limited simply due to the scale of our organization. As part of a much larger company, we will be in a much better position to address your needs and fulfill our vision for our products.</div>

        
        <table bgcolor="#f2f2f2" cellpadding="0" cellspacing="0" border="0" width="100%" class="">
<tr class="">
<td bgcolor="#f2f2f2" class="">
                    <div align="center" class="">
                        <table cellpadding="0" width="600" cellspacing="0" border="0" class=""><tr class="">
<td align="center" bgcolor="#f2f2f2" class="">

                                    <div class="header-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
</tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class=" widget-type-email_view_as_web_page widget-span" data-widget-type="email_view_as_web_page">

                </div>
            </td>
        </tr>
</table>
</div>

                                </td>
                            </tr></table>
</div>
                </td>
            </tr>
<tr class="">
<td bgcolor="#f2f2f2" class="">
                    <div align="center" class="">
                        <table cellpadding="0" width="600" cellspacing="0" border="0" class=""><tr class="">
<td width="600" bgcolor="#ffffff" class="">
                                    <div align="center" class="">
                                        <table cellpadding="0" width="600" cellspacing="0" border="0" class=""><tr class="">
<td class="">
                                                    <div align="center" class="">
                                                        <table cellpadding="0" cellspacing="0" border="0" width="100%" class=""><tr class="">
<td class="">
                                                                    <div align="center" class="">

                                                                        <div class="body-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
</tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-type-logo  widget-span" data-widget-type="logo">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_type_logo hs_cos_wrapper_widget" data-hs-cos-general-type="widget" data-hs-cos-type="logo"></div>
                    </div>
                </div>
            </td>
        </tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-type-rich_text  widget-span" data-widget-type="rich_text">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_type_rich_text hs_cos_wrapper_widget" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"></div>
                    </div>
                </div>
            </td>
        </tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class=" widget-type-email_body widget-span" data-widget-type="email_body">

<div class="hs_cos_wrapper hs_cos_wrapper_type_rich_text hs_cos_wrapper_widget" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text">
<p class=""></p>
<p class="">&nbsp;</p>
<p class="">To our Valued Open Source Community</p>
<p class=""><span class="">On March 2, 2015, Proofpoint announced it entered into a <a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W7xLr_X1Mr4gmM94bs19R9CP0/5/f18dQhb0S8326VsMZ9W3_VtN01m689fN3Dmv_J6zfTgW5_3SrZ1mhDJwW39DrWD2z3LQZVcPD9h1mZkg9W6PZply98psZJW8Tp7Bp7MbFKtW32pRfd8VSJG-W7r9dpf7LpgqVW4cyNFY4f1xkyW2Mnrbv558SX2W5Zxpld4gBC8nW5Zh3rn3DjlZsW83_Pyq834qtYW3MZ4BC9dyDbdVHmyLd7t8wgCW2PRM_w2-J-SLW2z_tPY41Q2SWW3c-v1L1nnQd3W1_c0Yd1pqBNSV8JNYJ8cfvZwW3X0g0y6bp1cMVbq5fx4TKc2lW8S03z56mQ0bKW4rlPLG2-VpgPW2J57X42q9qvvW8KlzLh8r2Xj5W1wcHT9513r5RW69Mg-k64kpt3W5CbRMD2V9D1rVR7srL25xmphW4D4XwB4L790JW2y4n7w4KSM5ZW3yYvBR3ScBJZW1cKKl15c84CNW5sxFZ-2HkHhBW7dGnHN8JPN2XW8n4s8-3MYtL0W46lCzd3ygvH8W8c3fNX30nwjpW4XyWVH2XdYJHW6mC-v750CK1tW2FjXTc4J35SnW2N3p-b6fJJJJW6Zl82k5HsGzhW87B9PV9jV0dCW5MpG975nbmMcW3V8Mkh3gt9dH111" class="">definitive agreement to acquire Emerging Threats</a>.</span></p>
<p class=""><span class="">Some of you may be wondering whether, with this acquisition, Emerging Threats (Proofpoint) will continue to support the Emerging Threats open community, the ET Open ruleset, and the OISF.</span></p>
<p class=""><span class="">The answer is a definite yes!</span>&nbsp;</p>
<p class=""><span class="">As you know, the open source community is a major part of Emerging Threats and has been a huge contributor to its success. The community started approximately 13 years ago, sharing ideas in an effort to develop an open IDS ruleset. About 5 years ago Emerging Threats created a commercial ruleset with a dedicated team of researchers that built upon the open ruleset and added support for the Suricata platform. Emerging Threats still provides the quality assurance and distribution infrastructure for the ET Open IPS/IDS ruleset, which is distributed to more than 20,000 organizations and individuals daily at no cost.</span></p>
<p class=""><span class="">In addition, Emerging Threats has been a significant contributor to the Open Information Security Foundation (OISF) and Suricata, the next generation open source IPS/IDS engine. Emerging Threats&rsquo; founder Matt Jonkman is also president of the OISF.</span></p>
<p class=""><span class="">Proofpoint Inc. (NASDAQ:PFPT) is a highly complementary partner, from both a technology and cultural perspective. Proofpoint is leading security-as-a-service provider that focuses on solutions for email, threat protection, compliance, archiving &amp; governance, and secure communications. Organizations around the world depend on Proofpoint&rsquo;s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.</span></p>
<p class=""><span class="">Like Emerging Threats, Proofpoint also has a history of using, contributing to and generally supporting various open source initiatives since their inception as a company. &nbsp;As a recent example, consider Proofpoint&rsquo;s 2013 acquisition of Sendmail as a testament to how Proofpoint continues to emphatically contribute to and support related open source communities on a corporate and individual engineering level post-acquisition.</span>&nbsp;</p>
<p class=""><span class="">Again, we&rsquo;re committed to the community, and invested for the long term. We welcome any questions, concerns, and comments about the future of the Emerging Threats open community and our involvement in the OISF.</span></p>
<p class=""><span class="">Please reach out to either of us if you wish to discuss further. Thank you for continuing to allow us to enthusiastically support and be a part of this vibrant group.<br class=""><br class=""></span></p>
<p class=""><span class="">Sincerely yours,</span>&nbsp;</p>
<p class=""></p>
<p class=""><span class="">Matt Jonkman, CTO and Founder, Emerging Threats</span></p>
<p class=""><span class=""></span>Gary Steele, CEO, Proofpoint</p>
<p class="">Learn More</p>
<table width="625" class="">
<tr class="">
<td class=""><a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*Ml5DcTKKgVRW3NtXvb7lvDVp0/5/f18dQhb0SnGV9jW37PW8J1xx45VQHw7W5DftqD6P12c4W4R4Mcn57mvC2W1BQYgz8Tm-CxW83KJHM7t-5pCW57vg2C5lRTHdW7MrLxq5ZBQlHN4Psf1lJd7dWW76pLjg7N2-HdN3rzQv_H6F4xW9bTNXY954KlMW4P0Yt62d47rRN9dyDbdHmyLdW7t8wfd1w-DybW7JCxGl81bhDKW7N_KqM11X6stW83KHrF7J39pBW2przrY6W3RDgVHd1cG18T0S-W1VJryk5lX8fqW13bD4h6dkdD4W7JqLSl4yz60cW4yMFmN2t4fT5W7w05yC4CfPYXW57f4qr1BQphfW2Lcytk7rDP9fN6Y6XRVJ4LDQW4Bdyr46Yv4zqW1Bf1qF1f9jv6W2sK4kq9gWb1RW5LqMQ11V7VgcVqr38T4hs0bkW30YplG7vTRgBW7nRJTF2dJMq0W5MWNDN6ypsJcMy9d1KPFr2NW7dr9qW72YqDyW8pmPQ63hCpM7W41Xj0l6vftnyW8j1zGp1L9wgVW4J35Sn2N3p-bW6fJJJJ6Zl82kW5HsGzh87B9PVW9jV0dC5MpG97W5nbmMc3V8Mkhf46SXKQ11" class=""></a></td>
<td class="">&nbsp;</td>
<td class="">&nbsp;</td>
<td class=""><a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W79fjVw7CGMyVN423Jr0FP0Qr0/5/f18dQhb0SbTW8XJ8HCW80Zbfw2qwv27W1Vp3ZS4bYcDwMf5kBqXD6prW7cmS1s8pCQ6vVbpTcr3ScT7VW4r1KfQ96LrQVW1nrCGB51LTg5N5DHNj22wH7LW6c02Qj6mT1S7W3Vpv3j9dSlS6W35rgCl94-4T0W7sLfyr5DBw5FW7v70xc34mKvyW8mQMYT7NM5zGW74yxRy3X0g0yN6bp1cMbq5fxW4TKc2l8S2fyLW7yJC3d3TNtS7W5ttZ0b3rLwlXW8RQ5cZ6nPyJ7W648zgS6-MwdPW2-r2c72pz4LHW1wTWP52h9WxtW5s2ccj7yslnqW4syf1442jYLxVFFrG04TZFSMW8y1FD35D5v7nW2JNy6p5Q188KW42g8J325vG78W8pCQVM2yBg-tW7ns8s98n4s8-W3MYtL03dnmdRW72zrXT712wFTW62Lz5-8YNX6kW3MbPR33V_TWXW4twg6K2HB86zW3BY0jW3n8gdGW4J35Sn2N3p-bW6fJJJJ6Zl82kW5HsGzh87B9PVW9jV0dC5MpG97W5nbmMc3V8Mptf1R6-hQ11" target="_blank" data-mce-target="_blank" class=""></a></td>
</tr>
<tr class="">
<td class="">
<table class=""><tr class="">
<td class="">&nbsp;</td>
<td class=""> 
<span class="hs-cta-wrapper" data-hs-img-pg="676265b1-41ef-4d51-a31d-419a8d39027a"> <span class="hs-cta-676265b1-41ef-4d51-a31d-419a8d39027a hs-cta-node"> <a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W5fQfxT4pNjK0W70M29q7C-r0j0/5/f18dQhb0S2C929gNYCV11pJQ2qVvVbW2vHWjF1kgmVhW2m78B-31lKZhW8kzjj31lmHZZW5wMXGH7_CjpkW8HkYn31pZRFSVlW-Tf8NPnz-W3ypcTt4gTcWYW5NgSbs2GL_prW6JhStp7C60KJW9k11PT8rFbQCW5_XNdg50151RW4D_nlf5vQVqGN5g753pBRWkRW2QH7Pb1LjX_nVb0NP53fNLJsW5ns2hG2tmFLZW5n46nY4LNtVHW1k1Pgg3c2V-qN6Zw-DL7NC5CW2RBBqy2tZxtgW8nV71c6Bt9ttW5xydFg2pMP1fW7XSKf07sbx7gW8NfrJ_92nV74W929gtQ5LDwdlW4tkxVr2yGjT3N66ffxGx6xg3N7NPrYTs14SNVXx9mb30PpddW8Gg4RP1b4S_XW58brZz7lW_GjW5r5zXQ94lwJZW6LCk154cGHqKW6c85SL7t74CHW8yqr1m2kpCwvW2sC41p2WHc85W7MstdN92BCp3W5W331X2tTgb5N8Jv3zyJFtXrW4FZHK_84ZWPTW7q0jB_4pgRRgVgZyGp5cYHmcW6KzJwl41tMxNMFdb1ctDX6MW7KfKlN11YYYVW2q6Yq1414rF2W5btJlL8NGBkkN294pS81vvFkW3-NHSC4kg1kkW3pM0rS8JTSH6W2wKB2j8GV0ZgN5050V3LtFzTW5zDJDh8qGQtGW6MtYRg8VdFnBW7qWSSy2LP4WBW2jjqDR937s49W3V2Xtw67lNdZW9hb2d97QFSrm102" target="_blank" class=""> </a> </span> </span> 
</td>
</tr></table>
</td>
<td class="">
<table class=""><tr class="">
<td class="">&nbsp;</td>
<td class="">&nbsp;</td>
</tr></table>
</td>
<td class="">
<table class=""><tr class="">
<td class="">&nbsp;</td>
<td class="">&nbsp;</td>
</tr></table>
</td>
<td class="">
<table width="242" class=""><tr class="">
<td class="">&nbsp;</td>
<td class=""> 
<span class="hs-cta-wrapper" data-hs-img-pg="17ed6171-e6c2-4222-8ef7-a3f459ce58e7"> <span class="hs-cta-17ed6171-e6c2-4222-8ef7-a3f459ce58e7 hs-cta-node"> <a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*Vjmpj490_37ZW5BBbwY1zm6qM0/5/f18dQhb0S2C96v3gBLW12P8cM2_V3RqW1fDwCq2sJDgbW6TxQHb1w67JGW6pTg414mXqZQW1HxCDL1LWNGWW85vVCw1K7c1yW11hdWm6MZSYjW6PS7PW19mWyrW3338cT53DMR7W2hWBv792ZsNxW5tXrlm918wQWN6QGvnjbs1N_W65qlf53DGxhcN4xWmjsCFhndW1MVn8T22Jdd8W7mrwTW16glmdW96S2N23XhDHXW7x5rFM3C4kR8W3q97DK6wmKvdVY68dQ3fDxy1W5pxjWx2tChfYW8cy1lk53s_TVW3HPrZt7jc2Q5W853B835cFd_FW5LqWl27MpTWXW70ntFq61TFYnW1-f_Tw8VX2nFW1JKdBT6gSnH4W5m7ymV1TzdDBW3hYyXb4HJdW9Vl1Ss93Z5_3CW49mQnG2wxDp1N6sQ7GvMBs6FW4CnSMD4HSg7xW5GrRnD1DYRVhW3l_SBH5C5377W2wShjk7pZ668N1yVwnV2PM-5W164nKC6G4kjtW1D88vD38TVk9N7QlzhYnkJnTW21GNvX7QtpLNW6dtpmz7FNtPmW1-db5L2pFb0kW74kYnN7678xKW5Xv13J4kBP5QW8zdYNJ3TzYbvW8Qpmr755GG9yN62TFHNHMMh4W5Q4W2B6c8smQW8nzFBS20nNx0W255JrZ7c2X5TW1d98sk8qQjBZW2w4sxV1pVF4ZW8kH8t5567g6wW1Kdt5c2KQssLW9cbr4r89dhr1W8yk1mt5Sb8qsW8NGKWt44BYqS102" target="_blank" class=""> </a> </span> </span> 
</td>
</tr></table>
</td>
</tr>
</table>
<p class="">&nbsp;</p>
</div>

                </div>
            </td>
        </tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-type-text  widget-span" data-widget-type="text">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_type_text hs_cos_wrapper_widget" data-hs-cos-general-type="widget" data-hs-cos-type="text">Share the News</div>
                    </div>
                </div>
            </td>
        </tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-type-social_sharing  widget-span" data-widget-type="social_sharing">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_type_social_sharing hs_cos_wrapper_widget" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing">
<a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W6G7JFy2ZGdbYW6QGJV43c_BLT0/5/f18dQhb0S1Wd2MQT9PV11nTz2FNdWzN19NW40P4jtnW5ClYJL73q8TlW6GvPDJ3Tv1MFW6MtKBt5HK5ZYW4wyzDY9cd7pMW7NF2Pr9fj1wqW8Cb9Dw4g6CgLW6nMMQN5xJj6YW8qNrNt48XPD7W1JL-NG4cSnyDW3sR2PT3jMh_1W5LH6K21VPBL-W8pnYvz8SvkSdW11LBSh22S2mPVj5Xdn4rVVyPN6XzMdJqNHQSW3vXsGg2wHMBMW5RtsvR5-VM7hW4xPTJn5pcBbFW51cnsF5XLGKpW4lxH5P5FwD_lW4pLKKs1vzL2WW1XXH2x39D3BqW10h1Gq1FFtWnW18rsFd8z5KfmVVrpmB2zYbN-N4_d07DP8PkfW9cLBHq1MKS-GN3SlMkXk8tbQN1kxxdfbHzVDN6CbFvxrNv7RW11T3C54d-h0pW2sl1pF1C0HzmW4tW9Ps3WcgSsW2CXQNR5bq0c6W5z-mwN3z9qksW1X_dXw4DVsxwVhKhnF7w60qgW1dtk9t4lvhStW6vV6vc8qtTVrW17TdG845QBkkW3KvYFN8yJ1GbW4jjJm14yB_-5W1kp5JY5JWWCWW7LL5Dq6XHGzdW8QNQDP47qdrwW1VDFb45vzHz2W6L86wf6zxjTlN8g7TMFHBNHRW8xgGQH8NrQ6ZW6-rkSl3sXK4rW8rz7fD6qmydGW1MGgh16KjB1bW9h5r0W56-dHhW9j-8zm9ccgwDf6NtBd211" target="_blank" class=""></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*VPJN_m1BqVvpW601r4Y7xJmdM0/5/f18dQhb0S1Wf7wjzHDV1x4mK5W0K6fN6964-j22JztW7mzqS16S-9KTW6HlGQR32Bx3hW1mC0G_29yQg4W41RKPV7g6b-CW60zH6H5SVpT1W44LrQP8btFp2W6YQB3S9cgXplW87PX5_4PKPbGW5xLs4Y3wp-LbW10-Vvz11RQN-W4gR2V-4F1xPjW2Kl9Mg3GJwJHW5q7hzM4qVwldW1k5scz1y1nJQW4F9QRw6Z1mQMW5_T7Zt5pvJNmW5JdkbF86mY1KN55ngC8Fyd-lN2yf7Ws22_-MVR1rN757SXzsVCq7ZV5NSbftW5J3FhJ98MBHtVTz4Hp2mC9XzW7kvhc81Gsf91W8p_KSS3mdZ94VM0f_k3gT-3dVcmTZ29223pvN15CtPnm1dlZW5H4VS65_RtJKW53sBZN8XV-kZW3r3Nv_5wjGqnN1YzGrsRtMVCW3pscYS7Z-tDSW2GFtT75Bz11gW6WZhyh26K5fcW29mwtT53NyCLW8jRt9r2VttF3W1F21J95jX8ccW5d0YFW4kV02qW44Dr6R23YRd8W4t4GsW8LFylSVQv3t64fF0RtW37ZPNv6l7BbjW92VKzd8qWs6WW8W5LHj91hdtfMlzN3_pK6NBW82Zwsz3_V-F6W8W1S9H4sWwn0W79d3wF41K32TW7M0XyR7krNJfW3c0s2G6SpW7ZW4lJ7P-2RdhXHW9h5lp19llKBfW3HZQq64HxgmwW9j80dy5ct1BQ102" target="_blank" class=""></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W8RMszW5ryxtdV9krS-5NSGKr0/5/f18dQhb0S1Wf2RMFfcVMvN7H2lBF_nN2Z8s2hhYw2QW2S3Bbn2QZxM_W7TS6mK2RkW2BW202_QT7zcNn8W83F8Pw5B9knZW1K1LrX1bSSrMN6X6HYZpM6v5W2qYXbL3q3b6hW7bNtNt8WXpDCW12Sl0s3n5Pw9W47SPP61LZwwjW6B5GKn8fq3lLW58jZKL3dzFM_Vg_gPs1TXTK2W6vQrfN2tc_jmN2lBXf7rdSy3MRGGZ-Fv3jWN7t9N_BpN-dCW4PJlgV53TYF0W2pSkWF8gGT0sW49pmHp5LPhlgW409JQ82Bt1qBV3mCQ64LhhD2W2Y-vyB19_KNHW1P34lg3MCc9nW1ZQdn64PxqQfN79HZj_K_RH8VSznH95RX1KnW2crJn960yjy0W1LSqfY3YGqsqW1gncyc1s5vX9W8s_rw35csRn_W4KfcyL5pwtKnW1NSz0Y2Fj4XqW1gfl-P4S6PTfW8M8kxY6BMm5gVDg9hd8yS0kwW7NxsSr7SpKLZW1cwvsZ8QZ9hVW46w3gs86K7CVW79krWZ7N_PcrW8WCrXl7k1tkSN6p5GqK8-t-9N6TpL45Njk10W5MKHP36hbBZ4W91tnK-4Xv32BW80PgHL6NcFKGN2SBz6w-jTVfW3kfsRD2WLvsMW3sMZnB85W6sZW20dHtk5fSBZMW2lLR455cPH9YW2RWmqJ75Nk2qW2YDgyx5cGL5nN4CkmBCRgXMqW4byN0V3m2MYHW3kqpwJ2Jyz8vV1wfmS1yyrTHMlQqY7K_tTfN63nlPGV8TCrN3qsx8wF5-LvW9h49dh8prwvZW7lr2sZ5fV2qCW9k8LBY83CGW6102" target="_blank" class=""></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W91yhwc9cky8zW3WPDLy17tztL0/5/f18dQhb0S3j52RMFdXV11TtT3BHDBcW2xSbmY74RDXRN5p_LDy6_Dh6W7LKwVC5FsrCsW3H_l4q92TmLGW85dzL197kCsjW30f_-38ZRZ3pW6mm_mD30j8QGN7MYtwZJFjykN8nQpFG7NtBGW18HZs36pFwzcVqBC8_68jmhLN5cqt_8q7Tz5W6l2YGt5KmDhcW2ngp-m5T4fg_VpBjBY6tk7Z1W43yGxY1zsrLjW8kfJFN604V07W15RWr81pLsPmV8N17x2qYTsNW1FmJRx6THR2CVZvD0q6Q0MqhW9kg16F412qMdN6gM6HNP2rRWW6FjMXg1bY8tGVJ8wkn6Wv4m2W620rBZ7mW93XW8CJ_xB1T-wCnN8t1-Sr4PdyPW51z9YB42GwQjW39ktyR7jS7_vW1v5P0H1YzH_FN38SJQy8PgCkW1mLSS_3slXdbW6v1Swd4B3y_fV1HfZv2Xpq4xW7QlT1k8QL_P5W5B6MQx1X_50jW2kCQG76kQL4cVk2Dqq1hXgSBN90lVMwfjlBxW19-LsL1jLq2ZW7s4hJ87b9DT5W7Z26zX9hYJ1LW5SP_QF16Vl-qW523GGT3jVtwkW5GmwDm83gL8-W7kjRwd7NjZK1W1mWzLy1WP8TyN5PnsH0MRBb2W7LRrn55Cm60nW6p1CMH6y3yyFW8Z6SRr1L1_jgW7cTGCY9m3mBDW7W3W3r970pMZN8LQGTLhm_QMf1MmXmY03" target="_blank" class=""></a>&nbsp;<a href="mailto:?subject=Check%20out%20http%3A%2F%2Fwww.emergingthreats.net%2F-temporary-slug-1ac71bb8-e952-4fdf-8258-2956a34d0c18%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20http%3A%2F%2Fwww.emergingthreats.net%2F-temporary-slug-1ac71bb8-e952-4fdf-8258-2956a34d0c18%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank" class=""></a>
</div>
                    </div>
                </div>
            </td>
        </tr>
</table>
</div>

                                                                    </div>
                                                                </td>
                                                            </tr></table>
</div>
                                                </td>
                                            </tr></table>
</div>
                                </td>
                            </tr></table>
</div>
                </td>
            </tr>
<tr class="">
<td bgcolor="#f2f2f2" class="">
                    <div align="center" class="">
                        <table cellpadding="0" width="600" cellspacing="0" border="0" class="">
<tr class="">
<td align="center" bgcolor="#f2f2f2" class="">

                                    <div class="footer-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
<td colspan="1" height="0" width="8.33%" class="">&nbsp;</td>
</tr>
<tr class="">
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-type-email_can_spam  widget-span" data-widget-type="email_can_spam">
                    <p class="">
Emerging Threats
&nbsp;&nbsp;450 East 96th Street
&nbsp;
&nbsp;Indianapolis,
&nbsp;IN
&nbsp;&nbsp;46240
&nbsp;&nbsp;U.S.A.
<br class=""><br class="">
You received this email because you are subscribed to Daily Ruleset Updates from Emerging Threats.
<br class=""><br class="">
Update your <a class="hubspot-mergetag" data-unsubscribe="true" href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W4_bnNM4S8J_9W2gPrxc7lXLM80/5/f18dQhb0S2C97Bf-yvM1x-tWXn057W5klrVp3wXNJkN7Kdwp39yTp0W2JLj9f97yl2ZW8fSgHy4s5T41W88Z84y9k7MjNW4lHS7n4qDZ0dW8qxpfs15-1gfW6HLnDJ2ck96wW6p2cJf8QvRdJW6z5jj39h8m0kW5b730D69Lyq2W3fZjc18lCpcmW5KSwS02Y8pfYW6xFcQH12Mw8_W3_fzLL3Jj0WTW45Czsd3RgksgW1cTX_Y6y_pwYW7bSYF438ZxhQW5VscKd7NYCkHVYnpby7b3lXQW5bZVMK1_RcK4N4kfRYYkqSMhW2c4pcx3CVmkHW7flhdG4sdtfDW7Kwg541JSPw0W2t79rc86sCYrW2dvG9m68jwM-W81LxHG69QqFgW4pktHc2Bkk0HW5gfvBy39NxLTW1dGGyf5XRG6lVQYm6l7ctK30V1CrYX6gBZ4fW22MNcR5DsDDgW93yz1K5jLnZ_W6zlz8z5H-mxcW1-lVPk4xqS06W48gmV12yxFFZW6RcGx763gqR_W5T11fk4zKSZRW4G6Wwm5PSK7YW8m6Fl64lMTF-W82qs1w6CGmjVN7jzVxQgKHwqW59jdGC7wjcyYVybWSR46s2pgW1FC64K5zvTCBW6BRR-t6YX_tcW4FC0Vc7v3mN3W79z-JV11-sXtW60_nm53TxXPDW3zS2y28zs917W1Jj3c5379XzgW3g2-2k39vLBnW6hgTbw2kWHyDW2gZ1jZ6WWRJSW7sfNNJ6736XkW3Ntvnp6M_16Sd8RD1-11">email preferences</a> to choose the types of emails you receive.
<br class=""><br class="">
&nbsp;<a class="hubspot-mergetag" data-unsubscribe="true" href="http://t.hsms03.com/e1t/c/*W1Gk_lb2p0BzJW4N3FpY39s0Fs0/*W7F9Tg04x3YhhW8Z8WcH3FhbMZ0/5/f18dQhb0S2C92fcTYHV11QjD69P1lFMl_YV6nhy9CW8mpcjB8npZmLW5V1PCH2T5-2gW3Mk4wy55dfG9W4lGTxX8NP9_gN2qZ05vrHlYNW13gq9r2lwfh7W3337wQ36-SV1W8s0FB57C446gW3wcZV19c3jWhW6g1JRF8nWJyMW5vhFmK47pJz6W8Vq0Hk1tB-b9W5x0gnG797KSvN8SSJvwBzMHkVF43pP2ZRhlmN7gGmWtd8FwrT-1jD2wkl_5VQ0_dm7kssZ9W5_XCPN5Syf3MW7NsWQs6_8_B2VrZngj2ynmFZW37_x6J79WJQWW4PRKng76ShtRW7VpTjY22W_gDW4XgJGf4MVrlKW3pxB4D1_vXtTW8J0Vp93SNmcnW93T0dS54JKflW2lykF_2lMDgNW4YDhmM2sBjkGW1DWncY6d_nwgV1RCmC4m1xMdW795D2t7mnkn-W1Prx3K6dkmx5W1--BbD8TG5PyW3WHzJD4PmkmvW1jFgkB2vxvT1N9fX4MkYMBJtW6c6JDL55GCKHW4543dg8qLHFKW75xw3N5jFmzdW3ZdNGT51CdXdW5LsbLB60rCDYW3FT6Jx47DhGXW7pDzhc7G4Dk2W6NMtJK4h5cmBW4hY9zR3RH4P2VfYNfH2W2K4fW7Nc3fN14XPFGW6mPzmF5ZnvRJW788k3w7NPmKZW3qzfm17sv7-bW1pY-dQ8JsXVNW7rD2WV5xr34mW61ZNgV4CCDQ4W8_lJwq6YVnFzW81K4V_9k8T3rf5378DZ02">Unsubscribe from all future emails</a>&nbsp;
</p>

                </div>
            </td>
        </tr>
</table>
</div>

                                </td>
                            </tr>
<tr class="">
<td class=""></td>
                            </tr>
</table>
</div>
                </td>
            </tr>
</table> <at> media print{#_hs { background-image: url('&lt;a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*VvLj9d6QnxBXW7p8MrB7wW9FM0/5/f18dQhb0SkX45gqmBLN6Hvt4pHzhkrW6vdHYy4LRT6BW2mp9f_4-tC2kW4Pw4J12sbPxnVg-RRY2Hy3N-W41Xj0l6tMNfxW3VNRyW3sqfGCW2-FxKJ1QjcLtW24ZpG653r51_VWWbfX2WdH7mW4jMwnZ5-6348W5nhy-N6SmN6vW5_6_YL1sj6b1V7WxHX4C6nKx102'" class=""&gt;http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*VvLj9d6QnxBXW7p8MrB7wW9FM0/5/f18dQhb0SkX45gqmBLN6Hvt4pHzhkrW6vdHYy4LRT6BW2mp9f_4-tC2kW4Pw4J12sbPxnVg-RRY2Hy3N-W41Xj0l6tMNfxW3VNRyW3sqfGCW2-FxKJ1QjcLtW24ZpG653r51_VWWbfX2WdH7mW4jMwnZ5-6348W5nhy-N6SmN6vW5_6_YL1sj6b1V7WxHX4C6nKx102');}} div.OutlookMessageHeader {background-image:url('&lt;a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class=""&gt;http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} table.moz-email-headers-table {background-image:url('&lt;a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class=""&gt;http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} blockquote #_hs {background-image:url('&lt;a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class=""&gt;http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')} #MailContainerBody #_hs {background-image:url('&lt;a href="http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04'" class=""&gt;http://t.hsms03.com/e1t/o/*W7Gytl98MnjlFVF6_5L82n2YG0/*W385KzY6WRmDWV1RC4X4RB9qM0/5/f18dQhb0SkX35gpxFtN6Hvt4pHzhkrW6vdHYy4LRT83W5HQHpl3FsfphW4PFxqB5ZH4gdW448fPL3C9P49W2_hwGc3MbPR3W3V_TWX4twg6KW2HB86z3BY0jWN3mVXG1T8qz8W2cyH2G5KtzP2W86_ws24t7QT8W89skq77CnJL5W8dpl9z8gcNNxN8LdJg8KTGYVf44_bnM04')}<div class=""></div>

_______________________________________________<br class="">Etpro-sigs mailing list<br class=""><a href="mailto:Etpro-sigs@..." class="">Etpro-sigs@...</a><br class="">https://lists.emergingthreats.net/mailman/listinfo/etpro-sigs<br class="">
</div>
Matt Jonkman | 2 Mar 14:23 2015
Picon

Big news!

You've probably seen the announcements that Emerging Threats has been acquired by Proofpoint. We're excited about the future, and I'd like to answer any questions you have right away. Please ask anything on the list or privately.

ET has been incredibly fortunate to be part of the emerging-sigs community and the open ruleset over the years. I want to reassure you that we will continue to be committed to this community. We will continue to keep the open rules licensed as they are (BSD), and continue to do everything we have done in the past to contribute and grow this group.

Proofpoint intends to keep us going as we are. We will keep this list going, keep the ruleset going, and continue to contribute pro sigs to open when we have dupes, do the QA, add platforms and versions, etc. You'll still see the same guys on the list, the entire ET research and engineering team is staying on and excited to do more!

If you're a customer of ET you can expect things only to improve. We'll continue the ruleset as is, continue hiring new guys on the research team, and continue to grow as a group. But we'll also have access to some incredible new data sources for the team to write sigs to and build intel feeds. 

For me personally, I'm of course staying around, and I can't wait to get back to writing sigs instead of running a company. I've enjoyed the last 4 or 5 years doing so, but I really can't wait to get back to hanging out more with you all, writing sigs, and building new stuff. But don't worry, Will Metcalf will still be running the research team. My sigs will have to make it by him to get into the ruleset.

We hadn't been looking to get acquired this early, but for ET we had a small group of companies that we know we could work with that wouldn't need us to cut off our support of the open ruleset, suricata and the OISF, and our partners in the industry. Proofpoint is an ideal suitor for us. Massive amounts of new data for the research team, access to resources and tools, and the ability to continue on the paths we're on. We're excited about the future!

I have no idea exactly how the future will unfold for us all. But I make the same commitment I made to you when we started ETPro 5 years ago: If things go wrong here, let me know. I'll fix it if I can. 

Finally, thank you all for all the years of contribution and participation in the community. We have done a LOT of good for a LOT of people in every country in the world. ETPro would never have happened without you all, and this acquisition would never have happened without you all. And I have a great many very good friends in this group that I'd have never had otherwise. 

Anytime you see me or Will, or anyone on the research team: Beers are on us! It’s the least we can do, and it’s what we all do when we meet up anyway!

Matt

--

----------------------------------------------------
Matt Jonkman
Emerging Threats
Phone 866-504-2523 x7110
http://www.emergingthreats.net
----------------------------------------------------
<div><div dir="ltr">
<div>You've probably seen the announcements that Emerging Threats has been acquired by Proofpoint. We're excited about the future, and I'd like to answer any questions you have right away. Please ask anything on the list or privately.</div>
<div><br></div>
<div>ET has been incredibly fortunate to be part of the emerging-sigs community and the open ruleset over the years. I want to reassure you that we will continue to be committed to this community. We will continue to keep the open rules licensed as they are (BSD), and continue to do everything we have done in the past to contribute and grow this group.</div>
<div><br></div>
<div>Proofpoint intends to keep us going as we are. We will keep this list going, keep the ruleset going, and continue to contribute pro sigs to open when we have dupes, do the QA, add platforms and versions, etc. You'll still see the same guys on the list, the entire ET research and engineering team is staying on and excited to do more!</div>
<div><br></div>
<div>If you're a customer of ET you can expect things only to improve. We'll continue the ruleset as is, continue hiring new guys on the research team, and continue to grow as a group. But we'll also have access to some incredible new data sources for the team to write sigs to and build intel feeds.&nbsp;</div>
<div><br></div>
<div>For me personally, I'm of course staying around, and I can't wait to get back to writing sigs instead of running a company. I've enjoyed the last 4 or 5 years doing so, but I really can't wait to get back to hanging out more with you all, writing sigs, and building new stuff. But don't worry, Will Metcalf will still be running the research team. My sigs will have to make it by him to get into the ruleset.</div>
<div><br></div>
<div>We hadn't been looking to get acquired this early, but for ET we had a small group of companies that we know we could work with that wouldn't need us to cut off our support of the open ruleset, suricata and the OISF, and our partners in the industry. Proofpoint is an ideal suitor for us. Massive amounts of new data for the research team, access to resources and tools, and the ability to continue on the paths we're on. We're excited about the future!</div>
<div><br></div>
<div>I have no idea exactly how the future will unfold for us all. But I make the same commitment I made to you when we started ETPro 5 years ago: If things go wrong here, let me know. I'll fix it if I can.&nbsp;</div>
<div><br></div>
<div>Finally, thank you all for all the years of contribution and participation in the community. We have done a LOT of good for a LOT of people in every country in the world. ETPro would never have happened without you all, and this acquisition would never have happened without you all. And I have a great many very good friends in this group that I'd have never had otherwise.&nbsp;</div>
<div><br></div>
<div>Anytime you see me or Will, or anyone on the research team: Beers are on us! It&rsquo;s the least we can do, and it&rsquo;s what we all do when we meet up anyway!</div>
<div><br></div>
<div>Matt</div>
<div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">
<br>----------------------------------------------------<br>Matt Jonkman<br>Emerging Threats<br>Phone 866-504-2523 x7110<br><a href="http://www.emergingthreats.net" target="_blank">http://www.emergingthreats.net</a><br>----------------------------------------------------</div></div></div></div>
</div></div>
Mark Durrett | 1 Mar 22:00 2015
Picon

Daily Ruleset Email Test - Please Ignore

This is a test of an automated email from the Emerging Threats Daily Ruleset Updates - please ignore
                       
                       

Hi There, 

This is a test of an automated email from  Emerging Threats Daily Ruleset Updates.

Please ignore.

Regards,

The Emerging Threats Team

Share the Update
    
<at> media print{#_hs { background-image: url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7RWVCN5CB-XNVkvYhk1HgVTh0/5/f18dQhb0J6F1b52bN7jMdk__sXXsVj8T2g24WxThW1Q0g3K30mjQvW1RGqgd2lhw0RN2XZgm_m_mCtW3K8Q1L41S2fJN3S-qTHDG9MMW3R4rmG4fNk30W3K9t0P4xTDpMVNw0NF5Ls5sQN8pLMj9CW-CJW98v_vv6JXQw1W75VpmV1x9bzcf7W-t8d03');}} div.OutlookMessageHeader {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} table.moz-email-headers-table {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} blockquote #_hs {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} #MailContainerBody #_hs {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')}
<div>

        
        <div>This is a test of an automated email from the Emerging Threats Daily Ruleset Updates - please ignore</div>

        
        <table bgcolor="#f2f2f2" cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td bgcolor="#f2f2f2">
                    <div align="center">
                        <table cellpadding="0" width="600" cellspacing="0" border="0"><tr>
<td align="center" bgcolor="#f2f2f2">

                                    <div class="header-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
</tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-email_view_as_web_page " data-widget-type="email_view_as_web_page">

                </div>
            </td>
        </tr>
</table>
</div>

                                </td>
                            </tr></table>
</div>
                </td>
            </tr>
<tr>
<td bgcolor="#f2f2f2">
                    <div align="center">
                        <table cellpadding="0" width="600" cellspacing="0" border="0"><tr>
<td width="600" bgcolor="#ffffff">
                                    <div align="center">
                                        <table cellpadding="0" width="600" cellspacing="0" border="0"><tr>
<td>
                                                    <div align="center">
                                                        <table cellpadding="0" cellspacing="0" border="0" width="100%"><tr>
<td>
                                                                    <div align="center">

                                                                        <div class="body-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
</tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-logo " data-widget-type="logo">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_logo" data-hs-cos-general-type="widget" data-hs-cos-type="logo"><a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W86T_7d4dHd1YW78B0h117xRGd0/5/f18dQhb0SbTS8XJ888W80Zbfw2qwv27N1TWyVfKfJskVf5f_x57mvC2W1BQYg083KJHMW7t-5pC57vg2CW5lRTHd7MrxkSW7JtTqn8mnw90W7bjnYC3lKVMWW5Knqx07Jz0slW7MrvWr5LMjltW2z8Bj69dSlS6W35rgCl94ZVCxV4mgjX520N2HW7v70tS2Hyb60W9dH8_66V4mf7W6cywys8QKpyrW4sj3hV2BcyM9N1mGWmCDWKJsVfgCXW4VLgRfW8Lm-5H51P0dTW1dPLwQ1wl9GsW7y1jBn4Wlrg5W15Fw5c4LnkxbN41PVLmc0Wv_W8R6wyV50CFMgVR1SCf2y7CmHW3zXK3-36MBbNW15s90F4MgspCW7YJqwB2gwdlyN74mdLZXTWllW3sKLdf6-GnYvW9jtmcc19bNv6W7-cpqj6t_HvdW8Ph58-594Td2W1Yml2p1Hns6cW4jZw2G1vhN9qVFhtQ-8j1VZYW4y25xg823FykW63XYKs8JkVbcW4FgCGw4qVYhpN8_dTbLkNjR1f5CdrVw02"></a></div>
                    </div>
                </div>
            </td>
        </tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-rich_text " data-widget-type="rich_text">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"></div>
                    </div>
                </div>
            </td>
        </tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-email_body " data-widget-type="email_body">

<div class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text">
<p>Hi There,&nbsp;</p>
<p>This is a test of an automated email from &nbsp;<a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W1r0GVW5m9C4zW6Ng2q46zGc-h0/5/f18dQhb0S82-9ctx9FW80Zbfw2qwv27N1TWyVfKfJskMf5cNlXD6prW39Dr-N8pCDM5W6Pkxv55CRkXQVXTGcQ1nxpVwW69M7BV2z3pz_W7lVy7469LSk4W41G_3C3VxrGPW1mnJqB30ZWf9W4Nl-Wk2KNldFW41Xjgl41Q137W4Bs6cn4yym9nW2p0tdz5Q4lFHW5sWG2X6gr0cxN32n0Yg-zfW1W47YlYy4bfcHbW47Xx3n2Z1YT0W1fwyVV6yBPJMW30q8CN2kGjZwW6qQkKC8jYpNQW94q7cq6VKJl2W1hC_8g5lppF5W5yfDmY8jRcz0W3CSq1v8VS1yPW12StRZ3ZcvtxW8Tdyl-1jlT1HW3qj5589202zLN79fLv4pPHjmW542lBp7bC1xMW4g5LNN2GJrX8W5VB43f35xpSbW9cSXHZ3DLygnW8rX2Fr8k1Ws8W9lJwMB4Hr9C0W3wbwQk6ylx_TW18H87_66rs0sW5g85YZ3_5JMxW3d0zvx4p7yDTN2Byr3G-_8MCVRc8yk28tZN7N5qJJ2Bj8tbNW480YYC2hwkwLW4121t57KwJCvW90dChc6_JdQRW2cs9nw98b4RSV7Wkr83kVQYk102">Emerging Threats Daily Ruleset Updates</a>.</p>
<p>Please ignore.</p>
<p>Regards,</p>
<p>The Emerging Threats Team</p>
</div>

                </div>
            </td>
        </tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-text " data-widget-type="text">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_text" data-hs-cos-general-type="widget" data-hs-cos-type="text">Share the Update</div>
                    </div>
                </div>
            </td>
        </tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-social_sharing " data-widget-type="social_sharing">
                    <div class="layout-widget-wrapper">
                        <div class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing">
<a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W2SH9nf6yxJJvW1F04pm5-N0p-0/5/f18dQhb0Sq5D9cKtM7W3_VtN01m689fW1hFmbc3DT2B-W5-jrcQ1mhDGsW99c0JB8nP3syW7mWgWk96-z6SN96Ls9rYnPL7W4sMN_m90Gn9TW1xZnVH5cvsmdW2mPR331cx9GBW1tpkBt6Xbwz8W1ZYW6n1L5xTsW1tyJGq5RmfwTW2_VZQW5t-2BsW2yqt617d0bMvW1fpTGr25DsQFM46T79ql93pW30JL2c4cPLbmW1yxyYS2KBRYBW4cywB-2MT-SVW3qzFJS1TNZR8W59P2t-7dDxTNW7mWg2y74dt34W56HJNh51LTg5W5DHNj21JSr5PN7-Fr7KXlSJRN26p8p6mRP4xW3Llb4t7dzcsSW2mlZYS22Fym6W1m2sXx8Xl1blW8W1LYS95Pz6hW7cvxVf8q5qBxVVQf4X5vDhTYW4WXCHb7hrWh3N5tqT68_k1wwW96vTbr5w7d0ZW3NVFF928BQ3HMbVPmMhLv_qW8wbnQ42yXd7KW93NVHP6PYT2CN5HP6TM8Yt33W4Yxm1J4Zz3ZcW6P28b85G6BX2W2DgfKV2zFKkxVfNk2V3mt1KPW4T-fZ46RgVtYN97tmTXYmk7-W4MKXrf3SwmccW7hKtH573R1h2W224mH77GLzQ2W6Jwnfr7WJjhfW5X9RNC2y74cWW5bN2798S0fHVW410h0l5JqvnjW6H1lPZ9612gFW8slGRw7NK9LXW1n_2fc1N5mh3102" target="_blank"></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*Vy7TM45bnWWCW6bKp-_1CSfkG0/5/f18dQhb0S1V07Bf-yvTCQjq13QCY4W1NXP_c64NrxzN5pp17r9yWWyW5W8xCx14DSfgW5pcxMy4r5_X9N1KSsfV8wXVjW862_9l53xm5wN7cK97CbBZrQN8SfYBfzR4hLW29mZ9g94PSp1W7jBwpJ3vN7RSW7cZl9H6m6nShW6-nDmN2VX31wW81w75-3KXTqTW1wN3MP26B2gfN716-NrWfv-sW13KXx92zMwccW2JkVsq3CRh0gN2zdnG32c-m2W4_jmLv3wQRwcW4KklTs1fwGw2W7vQd8k5gHHZjVpG1w43YDQgqW1FVgs-1XwJMPW1lcRdH5ptsyXW30RFPW4G7BTWW7V1y6028zC4fN8fzptcy9fs6W29M-mf3sl-XzW81KyvP7z9rxYW5zKQg01-_QjCVV1L9W2ZwvfFW3hByry4WhGJtW5KKFz8874n__W5zL7Hz8RG4cQW2YS1BL39mYjHW13PKKS7pqqhyW7v0B1w8LbL90N77tRC6r4hzVW8VMLSv2PPVhJVKnDYx75Bms1VB4qzJ4d9xVLW1TWcjg3FbFkcW3r7M8K5Gz2XhW3fQWYv4mGn3hW93f3x73xbrk7W8vGfRs82tdksN4DtcDF7j0WMW4JPG-q6-k7xXW45qnQt7shMphVqBBWl1vQPr4W8y6DpT5kBnYLW3k__H895gjMBW7jmZq44C6FBfW5dFlMZ9h48k1W6WQQPc6yywN_W9kbB2g2GrlZB102" target="_blank"></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W77hGtG5MNJ7wV-9rHH8hzfdK0/5/f18dQhb0S1Wb2p37FjVWW4Y94TQDg9W3zVY5H38f62PW6BMtDX3hFPrsW4l8L8L1H6Yk-W4RPD_c89b9H8W8N1jZD422gC0W2KTSm28htn8qW34c4KH4qHLwwMB2q24rPT8vW3Bqm1193jGLNW4zFgvJ772M-zW81CQxC3ncPPBW5yfnl64f6bg3W5nkc2d3hX5HJW4-xwqn3xmxrqW3mzXl61zX9xDW5dpvD34XG4wzW4RtQZh1dZWp-W5MYVkV3yB18-W4WHwhv7ZcgsGW7GnjXm5LKNwyV54D8-4RPBD2MGZnllQSGvWW2V2BHP4_l9s5VsM49b7Wrmt_N1WDVpZs1kb8W3t4Djm1gC5v_W8TCS942lTFtyN7tl3xQC6J_5Dbflt3q2bTW6bRzJL6Bk8VnW6NZs755Dbq06W1q0wdg1Qdvz-W94y9Hh5q4V3lW8drP9d5WwFcxW4Msrp_7LCBntM7C7cVsthS6W5PZNbZ4LX21HN77gYFDg9ZFYW8BfHMY8Z7dCBW5Tgkc818Ydl5W4VNmt049WwN0W90W8cp3CNdt4W8qnwwt4W-DHjN39KzFw-tyd_W8zQ0td1z6hLjW8KR4qB40M_3PN4nLP4VqR1DTW63xgh38QlR5fW82WpHM54-93hW7Sz1qG97TWY6W4x1tlH1zbkr6VJjN9w3smvCwW5wDM1s63FbB9W2-tk0T4JHxR_W3sNvqD7Cqx4DW2p0P6w6c2KmvW7Z2YlL9dQG35W11HP_08qln50W9jyzgZ2jyk6vW5mQ84S4vC96kW782rvn96t7_xW70RNKW17nVb4f6X14-j03" target="_blank"></a>&nbsp;<a href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W6s603f84-T8mW1Xsbbw12Ck5h0/5/f18dQhb0Sq5N4y9PLkW3_VtN01m689fW1hFmbc3DT2B-W5_hJ-p1mhDJwW39DrWD25M7lFW8yGlqJ25NHJ3N96Ls9rYnPL7W90GbdD6H9RzZW34RDPp59WQJzW6Wp5-c1Z07JgW2dMF5L1lhB0XW6vw5J51M70YnW32nVQk30_2tRDsss6Ys1pZW62081h6j_nskW51vDFJ4MwX6RN4fsC_nH59WtN54SlKhKzjfLW59X7pt4bHZfNW328h7y36QgX-W8WC1BJ4cz1cqW2mxKvp625bx1W2lWWG98gqQYcW3F-t6D2VtC3zW7t5r0h4hCxglN7FvnNKS1bJRW7mbSmf34tXpxW6DP7wB1v14y7VbzwQx75-0d8W1B8DH75L1yJ8W5FxwsV1vNWDWW3jxWlJ3VVkFJW4LG55J3yZDDxW2y6rXr4405kTW2TNthp4q2npdW4Sdlgy3zk3dPW68xZrW3Hfy7qW5qSB-z47t1D7W5DdyL25DkxWKW2Wqr904cz4-yW51Gx2f51GTS2W47DdHl2m3zW-W5rpx9Q45Fj6gW5RNmYZ4VgBf7W3TxNfj3KpgyYW6Zv-5N374nScW3K8kcj6R17lkVcp-C15DhDYMW6JRZwl8Ph58-N594Td27YylFW51k-k33MbPR3W1ydzbB5151f1V10N9F5xfgjZW4PXrKG8_V1-FW5MpFZc8NcQjVW6SMQbr5nL7W4F44PYQ3z6j9f55X0Fd03" target="_blank"></a>&nbsp;<a href="mailto:?subject=Check%20out%20http%3A%2F%2Fwww.emergingthreats.net%2Fproducts%2Fetpro-ruleset%2Fdaily-ruleset-update-summary%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20http%3A%2F%2Fwww.emergingthreats.net%2Fproducts%2Fetpro-ruleset%2Fdaily-ruleset-update-summary%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank"></a>
</div>
                    </div>
                </div>
            </td>
        </tr>
</table>
</div>

                                                                    </div>
                                                                </td>
                                                            </tr></table>
</div>
                                                </td>
                                            </tr></table>
</div>
                                </td>
                            </tr></table>
</div>
                </td>
            </tr>
<tr>
<td bgcolor="#f2f2f2">
                    <div align="center">
                        <table cellpadding="0" width="600" cellspacing="0" border="0">
<tr>
<td align="center" bgcolor="#f2f2f2">

                                    <div class="footer-container-wrapper">
    <table class="wrappertable" cellpadding="0" cellspacing="0" border="0" width="600">
<tr class="scaffold" height="0">
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
<td colspan="1" height="0" width="8.33%">&nbsp;</td>
</tr>
<tr>
<td valign="top" colspan="12" width="100.0%" class="">
                <div class="widget-span widget-type-email_can_spam " data-widget-type="email_can_spam">
                    <p>
Emerging Threats
&nbsp;&nbsp;450 East 96th Street
&nbsp;
&nbsp;Indianapolis,
&nbsp;IN
&nbsp;&nbsp;46240
&nbsp;&nbsp;U.S.A.
<br><br>
You received this email because you are subscribed to Marketing Information from Emerging Threats.
<br><br>
Update your <a class="hubspot-mergetag" data-unsubscribe="true" href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W5J_lm07FHkC2W1W73vk5fqlKn0/5/f18dQhb0S65Q6vjWF4V1xz0624B9Z0W2qSQ4s1FCS0FN3TmKSwjwVGnW81_yz42JryJwVm5ZhX5mLBq3W2JX9p-1q9vZ1W5V0SQd5-Mwb2W4Pyk2L2TX1b0W29t2Q97SfN61W9bKBbM4BC5ZjW4DNvVQ6JQCjBW5yC3Tp3L-M8pW5hpCsS997ZD6W8Wp0nK3Xr71LW2DqnYj3xBNB0W8ZH7HL3dKNdgW4xZ2K_26-SgvW15Ztz46x5TR4V9vHJh32mHg-VvryNT3RxvTtW1Tp2vQ2XmDQmW4X8LSN7Y_Sz6W31BnWj7zvVg1W44C3d2418RgjMgg66LqH3qyW7ty55F80Nyx4W89xXCM73xYfqW4JYwzF6bFGJyVQFBm87Yqh7XW3LTXmM6JpZ83W6mn5fb6rVl0qW71BzKt65N7nRW44TlcL4GM5TjW2RpjFD7t2lfLW5KLClf5JZ5ZkW8dtW1p7n-ygCN9h5C0N7krBvW7dBSJh8mhYh4W5r-KSV7NFxGKVY-6RR5b_txgW1wYTM62d1y4hW6FqGj082HPglN16P78DVNqrqW5tncwS4lQzp2W5MT_7P4jCddDW5ZpTN85_LCTgW918JHV2CfY6nW4NbcKC2vYx41W6kCc108zYvKCW99XyXT8JzDJcN75wnr_W43CNN6HrXdTGMV5JW9ghfyx7xDj_RV8kNFb79jDBSW3c3mfR2jfvC2W8W-8wS4G2SW2W3rZPmX9c0KpkW8MngD765QTBJN83_rvtcDP8D121">email preferences</a> to choose the types of emails you receive.
<br><br>
&nbsp;<a class="hubspot-mergetag" data-unsubscribe="true" href="http://t.hsms03.com/e1t/c/*W7_vSx56B2yDLW8tsYbG5xCtHK0/*W617f_s7qJZ6TW7lH2HD22J-gN0/5/f18dQhb0S65Q29v6n1V11nT83cQtLYVnQy9z3wXk_hN8qZNbkX2_19W7YYz-n5nD-PbW8KjJSh82x_LcW4mcM2J2vPtH8VN-6S06rpRGvW1DlLwX3fjMkYW3lCy4N488r4QW8VDVDq16q7V7W1ZPK7z9gMFq6W7fRWlc5w1HGbW82HVV13P3yy8W9g7_vq7lzbTlN3NV2LCthBP4N48HpTXrM9hYMTpVDnmTMtFN8q4lfybWlSfW2lw0FM6SwZ0dW1YLLtf6YBJy3W33DTNm7KLM_4W4Lr1Cz3w-ztQW7CrMrC1VjFXJVh831J13wKcvW8Q6jCb21_pYYW9hTqMS2rz_2MW6RfK4w62D9nkN1FSr1CBtVB6W7HpNZX8J8fMWW3jpP74649_hjMtgNfz2SdBjW7NhttG6TtGgQVMRZxq8sv7Y1W8-GL6v7c-X5FW222tx77kwCPsW5JRrTm4WsHyqW8LlnsL7ZBHRLW1jcd-x3XJXHdW2xvfZv7G709XVnfcLZ1YlNNBN3x07Sk-Q3D2W3xpgjc7Qvm4zMGYsHRjJhBSW36pm041m8NMrW5Mh-0l1YJmLcW12Cv622ZbZhfW1lKxnH2B_H2vW5lh6L85694c4W30c93c3G7mMNF7YSCfNsPbRW7_RQ5Z60hlbYW25LhPf13-fqYVx_pV13fw_SsN96cWMqFhkKrVD7vR73w7mwzW8_g3P3446tCMW9f4VdN4sHZSZW89MBHQ2krrQXW3vHhxq4ztCMgf2TLpXN11">Unsubscribe from all future emails</a>&nbsp;
</p>

                </div>
            </td>
        </tr>
</table>
</div>

                                </td>
                            </tr>
<tr>
<td></td>
                            </tr>
</table>
</div>
                </td>
            </tr>
</table> <at> media print{#_hs { background-image: url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7RWVCN5CB-XNVkvYhk1HgVTh0/5/f18dQhb0J6F1b52bN7jMdk__sXXsVj8T2g24WxThW1Q0g3K30mjQvW1RGqgd2lhw0RN2XZgm_m_mCtW3K8Q1L41S2fJN3S-qTHDG9MMW3R4rmG4fNk30W3K9t0P4xTDpMVNw0NF5Ls5sQN8pLMj9CW-CJW98v_vv6JXQw1W75VpmV1x9bzcf7W-t8d03');}} div.OutlookMessageHeader {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} table.moz-email-headers-table {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} blockquote #_hs {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')} #MailContainerBody #_hs {background-image:url('http://t.hsms03.com/e1t/o/*W10p1cT4Z5v4bW9fJHVS2_9H-Y0/*W7S9l1p42VSkQW2SMykH5DwkVw0/5/f18dQhb0J6H19g4-N7CxCmt_sXXsVj8T2g24WxThW1Q0gf02WwrlXW30k9Z226rPR9W2F3tgS3j6LWpW3K6Kvg3P28nBW1GHDvr4cpvNsW1tRjmC3K1M5SN1JD4gM2xKzTW15gBJz4Mf-1rW4XV4jg5wYYZGW59CNWc53tPH6VWFYqY6PtQwbf8jpz8801')}<div></div>
</div>
Francis Trudeau | 27 Feb 20:25 2015
Picon

Daily Ruleset Update Summary 2015/02/27

 [***] Summary: [***]

 4 new Open signatures, 17 new Pro.  Chanitor, MSIL.Small.ee, Dridex.

 Thanks:  Jeremy MountainJohnson.

 [+++]          Added rules:          [+++]

 Open:

  2020578 - ET POLICY Privdog Activation (policy.rules)
  2020579 - ET POLICY Privdog Checkin (policy.rules)
  2020580 - ET POLICY Privdog Update check (policy.rules)
  2020581 - ET TROJAN Chanitor .onion Proxy Domain (trojan.rules)

 Pro:

  2809895 - ETPRO TROJAN MSIL.Small.ee CnC Beacon (IN) (trojan.rules)
  2809896 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 1 (OUT) (trojan.rules)
  2809897 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 2 (OUT) (trojan.rules)
  2809898 - ETPRO TROJAN MSIL.Small.ee CnC Beacon 3 (OUT) (trojan.rules)
  2809899 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.lrov SSL
Certificate (trojan.rules)
  2809900 - ETPRO EXPLOIT Possible Jetty Web Server Information Leak
Attempt (exploit.rules)
  2809901 - ETPRO WEB_SPECIFIC_APPS WP Plugin Gravity Forms Possible
Shell Upload (web_specific_apps.rules)
  2809902 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 5
(mobile_malware.rules)
  2809903 - ETPRO TROJAN Win32/Jinupd.B Cnc Beacon 2 (trojan.rules)
  2809904 - ETPRO TROJAN Dridex Post Checkin Activity 5 (trojan.rules)
  2809905 - ETPRO TROJAN Dridex Post Checkin Activity 6 (trojan.rules)
  2809906 - ETPRO TROJAN Dridex Post Checkin Activity 7 (trojan.rules)
  2809907 - ETPRO TROJAN Win32/Jinupd.B Cnc Beacon (trojan.rules)

 [///]     Modified active rules:     [///]

  2007920 - ET TROJAN Dropper-497 (Yumato) Status Reply from server
(trojan.rules)
  2020159 - ET CURRENT_EVENTS Upatre Redirector Jan 9 2015
(current_events.rules)
  2808248 - ETPRO TROJAN Win32/Poweliks.A Checkin (trojan.rules)
Kevin Ross | 27 Feb 11:11 2015

SIG: ET INFO Executable Download Content Type But No EXE Identifiers - Potentially Obfuscated EXE

Hi,

When looking at various exploit kits which delivery encrypted binaries I noticed many of them do set the header as application/x-msdownload but there is no identifying characteristics of an executable (obviously as it is encrypted).

So I thought perhaps this could be used as an minor informational indicator and have run it in my network and it seems fine and tested it against some EK PCAPs too. The other one I see set is octet-stream but that is too generic to do this with unfortunately even though it is probably more common.

Tested against PCAP here: http://www.malware-traffic-analysis.net/2015/02/06/index.html

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Executable Download Content Type But No EXE Identifiers - Potentially Obfuscated EXE"; flow:established,to_client; content:"Content-Type|3A| application/x-msdownload"; http_header; fast_pattern:25,13; file_data; content:!"MZ"; within:2; content:!"This program "; distance:0; content:!"PE|00 00|"; distance:0; classtype:bad-unknown; sid:1895231; rev:1;)




Kind Regards,
Kevin Ross
<div><div dir="ltr"><div>Hi,<br><br>When looking at various exploit kits which delivery encrypted binaries I noticed many of them do set the header as application/x-msdownload but there is no identifying characteristics of an executable (obviously as it is encrypted). <br><br>So I thought perhaps this could be used as an minor informational indicator and have run it in my network and it seems fine and tested it against some EK PCAPs too. The other one I see set is octet-stream but that is too generic to do this with unfortunately even though it is probably more common.<br><br>Tested against PCAP here: <a href="http://www.malware-traffic-analysis.net/2015/02/06/index.html">http://www.malware-traffic-analysis.net/2015/02/06/index.html</a><br><br>alert http $EXTERNAL_NET any -&gt; $HOME_NET any (msg:"ET INFO Executable Download Content Type But No EXE Identifiers - Potentially Obfuscated EXE"; flow:established,to_client; content:"Content-Type|3A| application/x-msdownload"; http_header; fast_pattern:25,13; file_data; content:!"MZ"; within:2; content:!"This program "; distance:0; content:!"PE|00 00|"; distance:0; classtype:bad-unknown; sid:1895231; rev:1;)<br><br><br><br><br>Kind Regards,<br>Kevin Ross<br>
</div></div></div>

Gmane