[***] Summary: [***]

4 new Open signatures, 45 new Pro (4 + 41). EITest, Magnitude, CrimeScene Mailer, StrongPity.

Thanks: Mike Worth and @jonny55555.

[+++]          Added rules:          [+++]

2023742 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 M2 (current_events.rules)
2023743 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 M1 (current_events.rules)
2023744 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 M2 (current_events.rules)
2023745 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 EXE Download (current_events.rules)

Pro:

2819782 - ETPRO TROJAN CrimeScene Mailer Requesting Config (trojan.rules)
2824438 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jan 15 2017 M1 (current_events.rules)
2824439 - ETPRO CURRENT_EVENTS Magnitude EK Landing Jan 15 2017 M2 (current_events.rules)
2824440 - ETPRO CURRENT_EVENTS Magnitude EK Redirect Jan 15 2017 (current_events.rules)
2824441 - ETPRO CURRENT_EVENTS Natwest Phishing Landing Jan 17 2016 (current_events.rules)
2824442 - ETPRO CURRENT_EVENTS Successful Natwest Phish Jan 17 2016 (current_events.rules)
2824443 - ETPRO CURRENT_EVENTS Successful ING Direct Phish Jan 17 2017 (current_events.rules)
2824444 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2824445 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2824446 - ETPRO CURRENT_EVENTS Successful Mailbox Account Upgrade Phish Jan 17 2017 (current_events.rules)
2824447 - ETPRO CURRENT_EVENTS Successful Sparkasse (DE) Phish Jan 17 2017 (current_events.rules)
2824448 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit) (trojan.rules)
2824449 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit Jan 17 (current_events.rules)
2824450 - ETPRO TROJAN NanoBot .onion Proxy Domain (trojan.rules)
2824451 - ETPRO TROJAN DNS Query to Cerber Domain (19ob95 . top) (trojan.rules)
2824452 - ETPRO TROJAN DNS Query to Cerber Domain (16gjpm . top) (trojan.rules)
2824453 - ETPRO TROJAN DNS Query to Cerber Domain (12gzrv . top) (trojan.rules)
2824454 - ETPRO TROJAN DNS Query to Cerber Domain (17ldrv . top) (trojan.rules)
2824455 - ETPRO TROJAN DNS Query to Cerber Domain (15rnwa . top) (trojan.rules)
2824456 - ETPRO TROJAN DNS Query to Cerber Domain (1pbu64 . top) (trojan.rules)
2824457 - ETPRO TROJAN DNS Query to Cerber Domain (191jcq . top) (trojan.rules)
2824458 - ETPRO TROJAN DNS Query to Cerber Domain (1kdfj8 . top) (trojan.rules)
2824459 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.SmsBlock.a SMS Exfil via SMTP (mobile_malware.rules)
2824460 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.SmsBlock.a SMS Exfil via SMTP 2 (mobile_malware.rules)
2824461 - ETPRO TROJAN User-Agent (Xmaker) (trojan.rules)
2824462 - ETPRO TROJAN Madness DDOS SSL Cert (trojan.rules)
2824463 - ETPRO TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown) (trojan.rules)
2824464 - ETPRO TROJAN Unknown CnC Checkin (trojan.rules)
2824465 - ETPRO TROJAN StrongPity SSL Cert (trojan.rules)
2824466 - ETPRO TROJAN StrongPity SSL Cert (trojan.rules)
2824467 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jan 17 2017 (current_events.rules)
2824468 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Jan 17 2017 (current_events.rules)
2824469 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation Phish Jan 17 2017 (current_events.rules)
2824470 - ETPRO CURRENT_EVENTS Successful Excel Phish M1 Jan 17 2017 (current_events.rules)
2824471 - ETPRO CURRENT_EVENTS Successful Excel Phish M2 Jan 17 2017 (current_events.rules)
2824472 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Jan 17 2017 (current_events.rules)
2824473 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 17 2017 (current_events.rules)
2824474 - ETPRO CURRENT_EVENTS Successful Capital One Phish Jan 17 2017 (current_events.rules)
2824475 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 17 2016 (current_events.rules)
2824476 - ETPRO TROJAN GhostAdmin Sending Configs (trojan.rules)
2824477 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Congur.a Checkin via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2017131 - ET CURRENT_EVENTS Potential Internet Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1 (current_events.rules)
2020116 - ET POLICY DNS Query for .onion proxy Domain (onion.to) (policy.rules)
2020126 - ET POLICY DNS Query for .onion proxy Domain (tor4pay.com) (policy.rules)
2020133 - ET POLICY DNS Query for .onion proxy Domain (torminater.com) (policy.rules)
2020430 - ET POLICY DNS Query for .onion proxy Domain (onion.city) (policy.rules)
2022332 - ET POLICY DNS Query for .onion proxy Domain (onion.link) (policy.rules)
2022644 - ET POLICY DNS Query for .onion proxy Domain (torgate.es) (policy.rules)
2822482 - ETPRO CURRENT_EVENTS SunDown/Xer Payload (URL Primer) (current_events.rules)
2822942 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Oct 27 2016 (current_events.rules)
2824241 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Jan 05 2017 (current_events.rules)
2824242 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Jan 05 2017 (current_events.rules)
2824243 - ETPRO CURRENT_EVENTS Successful Paypal Phish M6 Jan 05 2017 (current_events.rules)

[---]  Disabled and modified rules:  [---]

2823832 - ETPRO WEB_CLIENT Windows Graphics RCE (CVE-2016-7272) 1 (web_client.rules)
2823833 - ETPRO WEB_CLIENT Windows Graphics RCE (CVE-2016-7272) 2 (web_client.rules)
2823900 - ETPRO WEB_CLIENT Windows Graphics RCE (CVE-2016-7272) 1 (web_client.rules)
 

Date: Monday, January 16, 2017 - 22:00