[***] Summary: [***]

4 new Open signatures, 37 new Pro (4 + 33). Cerber, Zeus Panda, Sundown EK.

Thanks: Kevin Ross, @illegalFawn and @douglasmun

[+++]          Added rules:          [+++]

Open:

2023695 - ET TROJAN W32/Cerber.Ransomware CnC Checkin M4 (trojan.rules)
2023696 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M1 Jan 05 2017 (current_events.rules)
2023697 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M2 Jan 05 2017 (current_events.rules)
2023698 - ET CURRENT_EVENTS Successful National Bank Phish Jan 05 2017 (current_events.rules)

Pro:

2824211 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 04 2017 (current_events.rules)
2824212 - ETPRO CURRENT_EVENTS Successful Turbotax Phish Jan 04 2017 (current_events.rules)
2824213 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04 2017 (current_events.rules)
2824214 - ETPRO CURRENT_EVENTS Successful Netflix Payment Phish M2 Jan 04 2017 (current_events.rules)
2824215 - ETPRO CURRENT_EVENTS Successful PostFinance (DE) Phish Jan 04 2017 (current_events.rules)
2824216 - ETPRO TROJAN Rerdom Variant CnC (trojan.rules)
2824217 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 05 2017 (current_events.rules)
2824218 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 05 2017 (current_events.rules)
2824219 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jan 05 2017 (current_events.rules)
2824220 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct Jan 05 2017 (current_events.rules)
2824221 - ETPRO TROJAN DNS Query to Cerber Domain (1hzgre . top) (trojan.rules)
2824222 - ETPRO TROJAN DNS Query to Cerber Domain (1hkmxu . top) (trojan.rules)
2824223 - ETPRO TROJAN DNS Query to Cerber Domain (1cuxcy . top) (trojan.rules)
2824224 - ETPRO TROJAN DNS Query to Cerber Domain (j3aad9 . top) (trojan.rules)
2824225 - ETPRO TROJAN DNS Query to Cerber Domain (ewg6uf . bid) (trojan.rules)
2824226 - ETPRO TROJAN DNS Query to Cerber Domain (pa5z2s . top) (trojan.rules)
2824227 - ETPRO TROJAN DNS Query to Cerber Domain (1pgtzf . top) (trojan.rules)
2824228 - ETPRO TROJAN DNS Query to Cerber Domain (pxluvi . top) (trojan.rules)
2824229 - ETPRO TROJAN DNS Query to Cerber Domain (jl1hkd . top) (trojan.rules)
2824230 - ETPRO TROJAN DNS Query to Cerber Domain (2msuuj . top) (trojan.rules)
2824231 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2824232 - ETPRO TROJAN Unknown PowerShell Downloader .onion Proxy Domain (trojan.rules)
2824233 - ETPRO CURRENT_EVENTS Evil Redirect to Magnitude EK Jan 05 2017 (current_events.rules)
2824234 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 05 2017 (current_events.rules)
2824235 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jan 05 2017 (current_events.rules)
2824236 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Jan 05 2017 (current_events.rules)
2824237 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jan 05 2017 (current_events.rules)
2824238 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Jan 05 2017 (current_events.rules)
2824239 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Jan 05 2017 (current_events.rules)
2824240 - ETPRO CURRENT_EVENTS Successful Apple Phish M4 Jan 05 2017 (current_events.rules)
2824241 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jan 05 2017 (current_events.rules)
2824242 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Jan 05 2017 (current_events.rules)
2824243 - ETPRO CURRENT_EVENTS Successful Paypal Phish M6 Jan 05 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2003337 - ET MALWARE Suspicious User Agent (Autoupdate) (malware.rules)
2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2006357 - ET MALWARE User Agent (TEST) - Likely Webhancer Related Spyware (malware.rules)
2008259 - ET TROJAN Suspicious User-Agent (AutoHotkey) (trojan.rules)
2823535 - ETPRO CURRENT_EVENTS RIG EK Landing Nov 30 2016 (RIG-v) (current_events.rules)
2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 (current_events.rules)
2823894 - ETPRO CURRENT_EVENTS Magnitude EK Landing Dec 14 2016 (current_events.rules)

[---]         Removed rules:         [---]

2822597 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.IE Checkin 2 (mobile_malware.rules)
 

Date: Wednesday, January 4, 2017 - 22:00