[***] Summary: [***]

2 new Open signatures, 39 new Pro (2 + 37). Zeus Panda, GhostAdmin, PadCrypt.

[+++]          Added rules:          [+++]

Open:

2023746 - ET TROJAN User-Agent (Xmaker) (trojan.rules)
2023747 - ET TROJAN Evil JS Ransomware (trojan.rules)

Pro:

2824478 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2824479 - ETPRO TROJAN Win32/Filecoder.Philadelphia.E .onion Proxy Domain (trojan.rules)
2824480 - ETPRO TROJAN Win32/Filecoder.Philadelphia.E .onion Proxy Domain (trojan.rules)
2824481 - ETPRO TROJAN GhostAdmin Bot USER Command (trojan.rules)
2824482 - ETPRO TROJAN GhostAdmin Bot JOIN Command (trojan.rules)
2824483 - ETPRO TROJAN GhostAdmin Bot FTP Login (trojan.rules)
2824484 - ETPRO TROJAN GhostAdmin Bot Keylogger FTP Upload (trojan.rules)
2824485 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824486 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824487 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824488 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824489 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Ecobatry.a Checkin (mobile_malware.rules)
2824490 - ETPRO TROJAN DNS Query to Cerber Domain (19ob95 . top) (trojan.rules)
2824491 - ETPRO TROJAN DNS Query to Cerber Domain (16gjpm . top) (trojan.rules)
2824492 - ETPRO TROJAN DNS Query to Cerber Domain (12gzrv . top) (trojan.rules)
2824493 - ETPRO TROJAN DNS Query to Cerber Domain (156vkx . top) (trojan.rules)
2824494 - ETPRO TROJAN DNS Query to Cerber Domain (17ldrv . top) (trojan.rules)
2824495 - ETPRO TROJAN DNS Query to Cerber Domain (15rnwa . top) (trojan.rules)
2824496 - ETPRO TROJAN DNS Query to Cerber Domain (1cqoww . top) (trojan.rules)
2824497 - ETPRO TROJAN DNS Query to Cerber Domain (15l2ub . top) (trojan.rules)
2824498 - ETPRO TROJAN DNS Query to Cerber Domain (1pbu64 . top) (trojan.rules)
2824499 - ETPRO TROJAN DNS Query to Cerber Domain (191jcq . top) (trojan.rules)
2824500 - ETPRO TROJAN DNS Query to Cerber Domain (1kdfj8 . top) (trojan.rules)
2824502 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.b Checkin (mobile_malware.rules)
2824503 - ETPRO MOBILE_MALWARE Android/Simplocker.R DNS Lookup (mobile_malware.rules)
2824504 - ETPRO TROJAN PadCrypt Ransomware DGA Checkin (trojan.rules)
2824505 - ETPRO TROJAN Ransomware Domain Detected (Padcrypt) (trojan.rules)
2824506 - ETPRO EXPLOIT Grandstream IP Phone Password Disclosure (exploit.rules)
2824507 - ETPRO TROJAN Unknown MalDoc CnC Beacon (trojan.rules)
2824508 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish M1 Jan 18 2017 (current_events.rules)
2824509 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish M2 Jan 18 2017 (current_events.rules)
2824510 - ETPRO CURRENT_EVENTS Successful MBNA Phish M1 Jan 18 2017 (current_events.rules)
2824511 - ETPRO CURRENT_EVENTS Successful MBNA Phish M2 Jan 18 2017 (current_events.rules)
2824512 - ETPRO CURRENT_EVENTS Successful MBNA Phish M3 Jan 18 2017 (current_events.rules)
2824513 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish Jan 18 2016 (current_events.rules)
2824514 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish Jan 18 2017 (current_events.rules)
2824515 - ETPRO CURRENT_EVENTS Successful Netflix Phish Jan 18 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2013808 - ET TROJAN Dooptroop Dropper Checkin (trojan.rules)
2014112 - ET TROJAN Dooptroop CnC Beacon (trojan.rules)
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2806032 - ETPRO TROJAN Win32.Scar.hhrw POST (trojan.rules)
2812810 - ETPRO MALWARE Win32/Adware.FileTour Variant PUP Checkin 3 (malware.rules)
2821937 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31 2016 (current_events.rules)
2822899 - ETPRO CURRENT_EVENTS Successful Windows Live Account Phish Oct 26 2016 (current_events.rules)

[---]         Removed rules:         [---]

2014398 - ET TROJAN Generic.KD.291903/Win32.TrojanClicker.Agent.NII Nconfirm Checkin (trojan.rules)
2805761 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.vcs Checkin (trojan.rules)
2824461 - ETPRO TROJAN User-Agent (Xmaker) (trojan.rules)
 

Date: Tuesday, January 17, 2017 - 22:00