[***] Summary: [***]

1 new Open signature, 35 new Pro (1 + 34). (?:Satan|Go|Cry|Sage|Cerber) Ransomware, Various Phishing, Sality, Linux.Rex.b, Zyklon.

Thanks: James Lay.

[+++]          Added rules:          [+++]

Open:

2023753 - ET SCAN MS Terminal Server traffic on Non-standard Port (scan.rules)

Pro:

2824557 - ETPRO TROJAN Go/Ransomware Variant CnC Beacon (trojan.rules)
2824558 - ETPRO CURRENT_EVENTS Successful Barclaycard Phish Jan 20 2017 (current_events.rules)
2824559 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Jan 20 2017 (current_events.rules)
2824560 - ETPRO CURRENT_EVENTS Successful Credit Suisse Bank Phish M1 Jan 20 2017 (current_events.rules)
2824561 - ETPRO CURRENT_EVENTS Successful Credit Suisse Bank Phish M2 Jan 20 2017 (current_events.rules)
2824562 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M1 Jan 20 2017 (current_events.rules)
2824563 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M2 Jan 20 2017 (current_events.rules)
2824564 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish M3 Jan 20 2017 (current_events.rules)
2824565 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 20 2017 (current_events.rules)
2824566 - ETPRO CURRENT_EVENTS Successful DHL Phish Jan 20 2017 (current_events.rules)
2824567 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 20 2017 (current_events.rules)
2824568 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 20 2017 (current_events.rules)
2824569 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jan 20 2017 (current_events.rules)
2824570 - ETPRO CURRENT_EVENTS Successful IRS Phish Jan 20 2017 (current_events.rules)
2824571 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-23 1) (trojan.rules)
2824572 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-23 2) (trojan.rules)
2824573 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-23 3) (trojan.rules)
2824574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-23 4) (trojan.rules)
2824575 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824576 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824577 - ETPRO TROJAN Win32/Sality Reporting Infection via SMTP (trojan.rules)
2824578 - ETPRO TROJAN Sage Ransomware Onion Domain (trojan.rules)
2824579 - ETPRO TROJAN Sage Ransomware Onion Domain (trojan.rules)
2824580 - ETPRO MOBILE_MALWARE Android.Trojan.Qiflo.A Checkin (mobile_malware.rules)
2824581 - ETPRO TROJAN Cry Ransomware Onion Domain (trojan.rules)
2824582 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AAT File Download (mobile_malware.rules)
2824583 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Geinimi.a Checkin (mobile_malware.rules)
2824584 - ETPRO TROJAN Linux.Rex.b Retrieving C2 Address (trojan.rules)
2824585 - ETPRO TROJAN DNS Query to Cerber Domain (16fohp . top) (trojan.rules)
2824586 - ETPRO TROJAN DNS Query to Cerber Domain (1em2j4 . top) (trojan.rules)
2824587 - ETPRO TROJAN DNS Query to Cerber Domain (1bniyw . top) (trojan.rules)
2824588 - ETPRO TROJAN Win32.Banbra.tpst CnC Beacon (trojan.rules)
2824589 - ETPRO TROJAN Zyklon Botnet IP Check (trojan.rules)
2824590 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP (mobile_malware.rules)

[///]     Modified active rules:     [///]

2017640 - ET WEB_SERVER Possible Encrypted Webshell Download (web_server.rules)
2815529 - ETPRO TROJAN MSIL/Zyklon CnC (getkey) (trojan.rules)
2815530 - ETPRO TROJAN MSIL/Zyklon CnC (key) (trojan.rules)
2815531 - ETPRO TROJAN MSIL/Zyklon CnC (get plugin) (trojan.rules)
2820512 - ETPRO TROJAN MSIL/Zyklon/Censer Plugin DL (trojan.rules)
2823914 - ETPRO TROJAN Carbanak VBS/GGLDR Sending Info (trojan.rules)
2823915 - ETPRO TROJAN Carbanak VBS/GGLDR CnC Beacon (trojan.rules)

Date: Sunday, January 22, 2017 - 22:00