[***] Summary: [***]

2 new Open signatures, 15 new Pro (2 + 13). SunDown EK, Cerber, Gootkit.

Thanks: Balasubramaniam Natarajan

[+++]          Added rules:          [+++]

Open:

2023751 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jan 20 2017 (current_events.rules)
2023752 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M2 Jan 20 2017 (current_events.rules)

Pro:

2824544 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit CnC) (trojan.rules)
2824545 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit) (trojan.rules)
2824546 - ETPRO TROJAN Observed Malicious SSL Cert (Gootkit) (trojan.rules)
2824547 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.g Contact Exfil (mobile_malware.rules)
2824548 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2824549 - ETPRO CURRENT_EVENTS Hancitor encrypted payload Jan 17 (1) (current_events.rules)
2824550 - ETPRO CURRENT_EVENTS SunDown EK Landing Jan 20 2016 M1 (current_events.rules)
2824551 - ETPRO CURRENT_EVENTS SunDown EK Landing Jan 20 2016 M2 (current_events.rules)
2824552 - ETPRO TROJAN DNS Query to Cerber Domain (1grrxe . top) (trojan.rules)
2824553 - ETPRO TROJAN DNS Query to Cerber Domain (1dlcbk . top) (trojan.rules)
2824554 - ETPRO TROJAN DNS Query to Cerber Domain (1kja1j . top) (trojan.rules)
2824555 - ETPRO TROJAN DNS Query to Cerber Domain (1egwye . top) (trojan.rules)
2824556 - ETPRO TROJAN DNS Query to Cerber Domain (1chy1m . top) (trojan.rules)

[///]     Modified active rules:     [///]

2021178 - ET ATTACK_RESPONSE Metasploit Meterpreter Reverse HTTPS certificate (attack_response.rules)
2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 (current_events.rules)
 

Date: Thursday, January 19, 2017 - 22:00