[***] Summary: [***]

10 new Open signatures, 35 new Pro (10 + 25). Quimitchin, APT28/DealersChoice, Lots o' Phishing, Satan Ransomware.

Thanks: @illegalFawn

[+++]          Added rules:          [+++]

Open:

2023754 - ET CURRENT_EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2 (current_events.rules)
2023755 - ET CURRENT_EVENTS Possible Microsoft RDP Client for Mac RCE (current_events.rules)
2023756 - ET WEB_CLIENT Possible Chrome WebEx Extension RCE Attempt (web_client.rules)
2023757 - ET CURRENT_EVENTS Fake AV Phone Scam Landing Jan 24 (current_events.rules)
2023758 - ET CURRENT_EVENTS Successful Apple iCloud Phish Jan 23 2017 (current_events.rules)
2023759 - ET CURRENT_EVENTS Possible Successful Generic Paypal Phish Jan 23 2016 (current_events.rules)
2023760 - ET CURRENT_EVENTS Successful Paypal Phish Jan 23 2017 (current_events.rules)
2023761 - ET TROJAN APT28 DealersChoice DNS Lookup (gtranm .com) (trojan.rules)
2023762 - ET TROJAN APT28 DealersChoice DNS Lookup (zpfgr .com) (trojan.rules)
2023763 - ET TROJAN OSX Backdoor Quimitchin DNS Lookup (trojan.rules)

Pro:

2824591 - ETPRO TROJAN Gorynych CnC Checkin (trojan.rules)
2824592 - ETPRO POLICY SSL Cert Free File Hosting Site (f.lewd .se) (policy.rules)
2824593 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.f Checkin (mobile_malware.rules)
2824594 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M1 2016 (current_events.rules)
2824595 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M2 2016 (current_events.rules)
2824596 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M3 2017 (current_events.rules)
2824597 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M4 2016 (current_events.rules)
2824598 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M5 2017 (current_events.rules)
2824599 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M6 2017 (current_events.rules)
2824600 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M7 2016 (current_events.rules)
2824601 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M8 2017 (current_events.rules)
2824602 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M9 2017 (current_events.rules)
2824603 - ETPRO TROJAN Satan Ransomware .onion Signup Domain (trojan.rules)
2824604 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh / BankBot Checkin (mobile_malware.rules)
2824605 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hn SMS Exfil (mobile_malware.rules)
2824606 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.hn CnC Beacon (mobile_malware.rules)
2824607 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M10 2017 (current_events.rules)
2824608 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M11 2017 (current_events.rules)
2824609 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M12 2017 (current_events.rules)
2824610 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jan 24 M13 2017 (current_events.rules)
2824611 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Jan 24 2017 (current_events.rules)
2824612 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M1 Jan 24 2017 (current_events.rules)
2824613 - ETPRO CURRENT_EVENTS Successful Desjardins Bank Phish M2 Jan 24 2017 (current_events.rules)
2824614 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Jan 24 2017 (current_events.rules)
2824615 - ETPRO CURRENT_EVENTS Successful Excel Online Phish Jan 24 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2007854 - ET MALWARE User-Agent (Mozilla) - Possible Spyware Related (malware.rules)
2008974 - ET MALWARE User-Agent (Mozilla/4.0 (compatible)) (malware.rules)
2017516 - ET TROJAN Worm.VBS.Dunihi Checkin 1 (trojan.rules)
2017994 - ET CURRENT_EVENTS VBS.Dunihi Check-in UA (current_events.rules)
2808754 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Krosec.a Checkin (mobile_malware.rules)

[---]         Removed rules:         [---]

2023318 - ET CURRENT_EVENTS Nemucod Downloader Oct 04 (current_events.rules)
2023738 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (trojan.rules)
2823479 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 M2 (current_events.rules)

 

Date: Monday, January 23, 2017 - 22:00