[***] Summary: [***]

5 new Open signatures, 27 new Pro (5 + 23). Various Phishing, Parite, SureRansom, Gootkit, Retefe Banker.

Thanks: @illegalFawn.

[+++]          Added rules:          [+++]

Open:

2023770 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Jan 30 2017 (current_events.rules)
2023771 - ET CURRENT_EVENTS Successful Wells Fargo Phish Jan 30 2017 (current_events.rules)
2023772 - ET CURRENT_EVENTS Successful Find My iPhone Phish (SP) Jan 30 2017 (current_events.rules)
2023773 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M1 Jan 30 2017 (current_events.rules)
2023774 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M2 Jan 30 2017 (current_events.rules)

Pro:

2824684 - ETPRO POLICY External IP Lookup localize.pdfforge.org (policy.rules)
2824685 - ETPRO TROJAN DNS Query to Cerber Domain (1jw2lx . top) (trojan.rules)
2824686 - ETPRO TROJAN DNS Query to Cerber Domain (1plugt . top) (trojan.rules)
2824687 - ETPRO TROJAN Win32/Parite phpMyAdmin Scanning (trojan.rules)
2824688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-30 1) (trojan.rules)
2824689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-30 2) (trojan.rules)
2824690 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2824691 - ETPRO TROJAN SureRansom Ransomware Checkin (trojan.rules)
2824692 - ETPRO TROJAN Gootkit Malicious SSL Cert Observed (trojan.rules)
2824693 - ETPRO TROJAN Gootkit Malicious SSL Cert Observed (trojan.rules)
2824694 - ETPRO TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules)
2824695 - ETPRO TROJAN Unknown KeyLogger FTP CnC Beacon - set (trojan.rules)
2824696 - ETPRO TROJAN Unknown KeyLogger FTP CnC Beacon (trojan.rules)
2824697 - ETPRO TROJAN Win32/Nagram/Rakhni IP Check (trojan.rules)
2824698 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824699 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824700 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824701 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824702 - ETPRO TROJAN Unknown Trojan .onion Proxy Domain (trojan.rules)
2824703 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2824704 - ETPRO TROJAN Win32/Aimbot.D (trojan.rules)
2824705 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
2824706 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)

[///]     Modified active rules:     [///]

2021982 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (trojan.rules)
2022129 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (trojan.rules)
2022130 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC) (trojan.rules)
2022764 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022765 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022766 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022767 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2022768 - ET TROJAN Retefe Banker .onion Domain (trojan.rules)
2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
2821315 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
 

Date: Sunday, January 29, 2017 - 22:00