[***] Summary: [***]

8 new Open signatures, 34 new Pro (8 + 26). Oilrig, CVE-2016-720[0-1], Locky, TorrentLocker.

Thanks: @abuse_ch.

[+++]          Added rules:          [+++]

Open:

2023699 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 3 (exploit.rules)
2023700 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 1 (exploit.rules)
2023701 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 2 (exploit.rules)
2023702 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B641 (exploit.rules)
2023703 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B642 (exploit.rules)
2023704 - ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B643 (exploit.rules)
2023705 - ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (trojan.rules)
2023706 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker Payment) (trojan.rules)

Pro:

2824244 - ETPRO TROJAN Observed Malicious SSL Certificate (Orcus RAT) (trojan.rules)
2824245 - ETPRO CURRENT_EVENTS Let's Encrypt Certificate Used in Paypal Phishing (current_events.rules)
2824246 - ETPRO CURRENT_EVENTS Phishing Landing Checking Browser/OS/Platform Jan 05 2017 (current_events.rules)
2824247 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 06 2017 (current_events.rules)
2824248 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2824249 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.ED Checkin (mobile_malware.rules)
2824250 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-06 1) (trojan.rules)
2824251 - ETPRO TROJAN MSIL/Peppy CnC Beacon (Ping) (trojan.rules)
2824252 - ETPRO TROJAN MSIL/Peppy CnC Beacon (POST) (trojan.rules)
2824253 - ETPRO TROJAN MSIL/Peppy CnC Beacon (User-Agent) (trojan.rules)
2824254 - ETPRO TROJAN MSIL/Peppy Retrieving Payload (trojan.rules)
2824255 - ETPRO TROJAN Oilrig Powershell DL Request (trojan.rules)
2824256 - ETPRO TROJAN Oilrig update.vbs Upload Request (trojan.rules)
2824257 - ETPRO TROJAN MM Core Retrieving Payload (trojan.rules)
2824258 - ETPRO TROJAN MM Core CnC Beacon (trojan.rules)
2824259 - ETPRO TROJAN DNS Query to Cerber Domain (uunmkj . top) (trojan.rules)
2824260 - ETPRO TROJAN DNS Query to Cerber Domain (reu88i . top) (trojan.rules)
2824261 - ETPRO TROJAN DNS Query to Cerber Domain (prbuoi . top) (trojan.rules)
2824262 - ETPRO TROJAN DNS Query to Cerber Domain (gyciiz . top) (trojan.rules)
2824263 - ETPRO TROJAN DNS Query to Cerber Domain (72z4vw . top) (trojan.rules)
2824264 - ETPRO TROJAN DNS Query to Cerber Domain (1m3exl . top) (trojan.rules)
2824265 - ETPRO TROJAN DNS Query to Cerber Domain (gzxtez . top) (trojan.rules)
2824266 - ETPRO TROJAN DNS Query to Cerber Domain (13jukv . top) (trojan.rules)
2824267 - ETPRO TROJAN DNS Query to Cerber Domain (ozwwt1 . top) (trojan.rules)
2824268 - ETPRO TROJAN DNS Query to Cerber Domain (17kuzd . top) (trojan.rules)
2824269 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.w CnC Beacon (mobile_malware.rules)

[///]     Modified active rules:     [///]

2013964 - ET TROJAN Suspicious UA Mozilla / 4.0 (trojan.rules)
2014154 - ET CURRENT_EVENTS DRIVEBY PDF Containing Subform with JavaScript (current_events.rules)
2019490 - ET EXPLOIT Possible Malicious NAT-PMP Response to External Network (exploit.rules)
2811866 - ETPRO MOBILE_MALWARE Android/SMSreg.TD Checkin (mobile_malware.rules)
2814022 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.a Checkin (mobile_malware.rules)
2822601 - ETPRO TROJAN Backdoor.Win32.Mocker CnC Beacon (GET) (trojan.rules)
2824220 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct Jan 05 2017 (current_events.rules)

[---]         Removed rules:         [---]

2008352 - ET TROJAN CoreFlooder.Q Data Posting (trojan.rules)
2016394 - ET WEB_CLIENT Adobe Flash Uncompressed (web_client.rules)
Date: 
Thursday, January 5, 2017 - 22:00