[***] Summary: [***]

4 new Open signatures, 23 new Pro (4 + 19). Sa(?:ge|tan) Ransomware, Greenbug Ismdoor, Ursnif.

Thanks: @malware_traffic

[+++]          Added rules:          [+++]

Open:

2023764 - ET TROJAN Unknown Trojan Checkin Jan 24 2017 (trojan.rules)
2023765 - ET TROJAN Unknown Trojan Checkin Jan 24 2017 (trojan.rules)
2023766 - ET TROJAN Sage Ransomware Checkin Primer (trojan.rules)
2023767 - ET TROJAN Sage Ransomware Checkin (trojan.rules)

Pro:

2824616 - ETPRO TROJAN ZeuS Variant .onion Proxy Domain (trojan.rules)
2824617 - ETPRO TROJAN Greenbug Ismdoor Checkin (trojan.rules)
2824618 - ETPRO TROJAN Greenbug Ismdoor CnC Beacon (trojan.rules)
2824619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-24 1) (trojan.rules)
2824620 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-24 2) (trojan.rules)
2824621 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824622 - ETPRO TROJAN Ursnif Connectivity Check to ietf.org (trojan.rules)
2824623 - ETPRO TROJAN JS.Downloader.HLD Checkin M2 (trojan.rules)
2824624 - ETPRO TROJAN JS.Downloader.HLD CnC Reporting Dropped PE (trojan.rules)
2824625 - ETPRO TROJAN Win32.Androm.mgtq DNS Lookup (trojan.rules)
2824627 - ETPRO TROJAN Winnti-related Win32/Barlaiy DNS Lookup (trojan.rules)
2824628 - ETPRO TROJAN Winnti-related Win32/Barlaiy DNS Lookup (trojan.rules)
2824629 - ETPRO TROJAN Likely Winnti-related Win32/Barlaiy DNS Lookup (trojan.rules)
2824630 - ETPRO TROJAN Winnti-related Win32/Barlaiy CnC Beacon (trojan.rules)
2824631 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824632 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2824633 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2824634 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup (mobile_malware.rules)
2824635 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.san DNS Lookup (mobile_malware.rules)

[///]     Modified active rules:     [///]

2008116 - ET TFTP Outbound TFTP Write Request (tftp.rules)
2013739 - ET TROJAN Zeus P2P CnC (trojan.rules)
2023485 - ET TROJAN JS.Downloader.HLD Checkin M1 (trojan.rules)
2823855 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 (current_events.rules)
 

Date: Tuesday, January 24, 2017 - 22:00