[***] Summary: [***]

23 new Open signatures, 58 new Pro (23 + 35). Linux/Venom, PadCrypt, CrypMIC, Oilrig, Gozi.

Thanks: @abuse_ch & @DeepEndResearch

[+++]          Added rules:          [+++]

Open:

2023716 - ET TROJAN Linux/Venom CnC Beacon (trojan.rules)
2023717 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023718 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023719 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023720 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023721 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023722 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Quakbot CnC) (trojan.rules)
2023723 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi CnC) (trojan.rules)
2023724 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (trojan.rules)
2023725 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware CnC) (trojan.rules)
2023726 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Chthonic CnC) (trojan.rules)
2023727 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) (trojan.rules)
2023728 - ET TROJAN Spora Ransomware DNS Query (trojan.rules)
2023729 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (trojan.rules)
2023730 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2023731 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2023732 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2023733 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (trojan.rules)
2023734 - ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain (trojan.rules)
2023735 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2023736 - ET TROJAN DeepEnd Research Ransomware CryptoWall .onion Proxy Domain (trojan.rules)
2023737 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2023738 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)

Pro:

2824352 - ETPRO TROJAN Possible Remcos/Remvio DNS Lookup (trojan.rules)
2824353 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish Jan 11 2017 (current_events.rules)
2824354 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M1 Jan 11 2017 (current_events.rules)
2824355 - ETPRO CURRENT_EVENTS Successful Fidelity Phish M2 Jan 11 2017 (current_events.rules)
2824356 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 11 2017 (current_events.rules)
2824357 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC) (trojan.rules)
2824358 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.GlodEagl.a Checkin (mobile_malware.rules)
2824359 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824360 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824361 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824362 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824363 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824364 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824365 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-11 1) (trojan.rules)
2824367 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-11 2) (trojan.rules)
2824368 - ETPRO TROJAN Oilrig Dev VBS Checkin (trojan.rules)
2824369 - ETPRO TROJAN Oilrig DNS TXT Response (trojan.rules)
2824370 - ETPRO TROJAN Cerber Blockchain Query (trojan.rules)
2824371 - ETPRO TROJAN DNS Query to Cerber Domain (1ja4no . top) (trojan.rules)
2824372 - ETPRO TROJAN DNS Query to Cerber Domain (16jpgp . top) (trojan.rules)
2824373 - ETPRO TROJAN DNS Query to Cerber Domain (1lseoi . top) (trojan.rules)
2824374 - ETPRO TROJAN DNS Query to Cerber Domain (1bwh8a . top) (trojan.rules)
2824375 - ETPRO TROJAN DNS Query to Cerber Domain (12nypw . top) (trojan.rules)
2824376 - ETPRO TROJAN DNS Query to Cerber Domain (1fpeer . top) (trojan.rules)
2824377 - ETPRO TROJAN DNS Query to Cerber Domain (1cngub . top) (trojan.rules)
2824378 - ETPRO CURRENT_EVENTS Successful SmarterMail Phish Jan 11 2017 (current_events.rules)
2824379 - ETPRO CURRENT_EVENTS Successful Banque Et Assurances (FR) Phish Jan 11 2017 (current_events.rules)
2824380 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish M1 Jan 11 2017 (current_events.rules)
2824381 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish M2 Jan 11 2017 (current_events.rules)
2824382 - ETPRO CURRENT_EVENTS Successful Blockchain.info Phish Jan 11 2017 (current_events.rules)
2824383 - ETPRO CURRENT_EVENTS Successful Personalized Excel Online Phish Jan 11 2017 (current_events.rules)
2824384 - ETPRO CURRENT_EVENTS Successful Personalized Generic Webmail Phish M1 Jan 11 2017 (current_events.rules)
2824385 - ETPRO CURRENT_EVENTS Successful Personalized Generic Webmail Phish M2 Jan 11 2017 (current_events.rules)
2824386 - ETPRO CURRENT_EVENTS Successful Personalized Yahoo Phish Jan 11 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2810582 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 (trojan.rules)
2821130 - ETPRO TROJAN Win32/Unknown Fake SSL CnC Beacon 2 (trojan.rules)
2823978 - ETPRO TROJAN Aaron Remote Keylogger Checkin (trojan.rules)

[---]         Removed rules:         [---]

2017998 - ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download (current_events.rules)

Date: Tuesday, January 10, 2017 - 22:00