[***] Summary: [***]

1 new Open signature, 21 new Pro (1 + 20). ARIK/Aaron Keylogger, Marlboro/Wicked Ransomware, Bluerid.

Thanks: @jonny55555

[+++]          Added rules:          [+++]

Open:

2023739 - ET TROJAN Maldoc Second Stage VBS Downloader with URL Padding (trojan.rules)

Pro:

2824387 - ETPRO TROJAN ARIK/Aaron Keylogger Download Request (trojan.rules)
2824388 - ETPRO TROJAN DNS Query to Cerber Domain (1fete1 . top) (trojan.rules)
2824389 - ETPRO TROJAN DNS Query to Cerber Domain (1nounl . top) (trojan.rules)
2824390 - ETPRO TROJAN DNS Query to Cerber Domain (wiaikl . top) (trojan.rules)
2824391 - ETPRO TROJAN DNS Query to Cerber Domain (ut1k1z . top) (trojan.rules)
2824392 - ETPRO TROJAN DNS Query to Cerber Domain (h4lu4i . bid) (trojan.rules)
2824393 - ETPRO TROJAN DNS Query to Cerber Domain (da34zi . bid) (trojan.rules)
2824394 - ETPRO TROJAN DNS Query to Cerber Domain (5p76tw . top) (trojan.rules)
2824395 - ETPRO TROJAN Marlboro/Wicked Ransomware CnC Checkin (trojan.rules)
2824396 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Dalik.a Checkin (mobile_malware.rules)
2824397 - ETPRO TROJAN Bluerid Stealer sending pass user via FTP (trojan.rules)
2824398 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (current_events.rules)
2824399 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 12 2017 (current_events.rules)
2824400 - ETPRO CURRENT_EVENTS Successful Netflix Phish M1 Jan 12 2017 (current_events.rules)
2824401 - ETPRO CURRENT_EVENTS Successful Netflix Phish M2 Jan 12 2017 (current_events.rules)
2824402 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 12 2017 (current_events.rules)
2824403 - ETPRO CURRENT_EVENTS Successful Apple (CA) Phish Jan 12 2017 (current_events.rules)
2824404 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 12 2017 (current_events.rules)
2824405 - ETPRO CURRENT_EVENTS Adobe Phishing Landing Jan 12 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (malware.rules)
2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2008120 - ET TFTP Outbound TFTP Read Request (tftp.rules)
2013964 - ET TROJAN Suspicious UA Mozilla / 4.0 (trojan.rules)
2023497 - ET DOS Microsoft Windows LSASS Remote Memory Corruption (CVE-2017-0004) (dos.rules)
2806671 - ETPRO TROJAN TeamRat Stealer sending pass user via FTP (trojan.rules)
2814597 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SaveMe.a Checkin (mobile_malware.rules)
2822224 - ETPRO CURRENT_EVENTS Successful Western Union/Paypal Phish Sept 26 2016 (current_events.rules)

[---]         Removed rules:         [---]

2823017 - ETPRO CURRENT_EVENTS Successful Generic Phish Oct 31 2016 (current_events.rules)
2823783 - ETPRO CURRENT_EVENTS Successful Generic Phish Dec 12 2016 (current_events.rules)
2823877 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 Dec 14 2016 (current_events.rules)
2823902 - ETPRO CURRENT_EVENTS Successful Generic Phish Dec 15 2016 (current_events.rules)
2823919 - ETPRO CURRENT_EVENTS Successful Generic Phish Dec 16 2016 (current_events.rules)
 

Date: Wednesday, January 11, 2017 - 22:00