[***] Summary: [***]

43 new Open signatures, 57 new Pro (43 + 14). DustySky, (?:Quasar|nj)RAT, CryptoShield, Kaandsona.

[+++]          Added rules:          [+++]

2023775 - ET CURRENT_EVENTS Possible Ebay Phishing Domain Jan 30 2017 (current_events.rules)
2023776 - ET CURRENT_EVENTS Possible Successful Ebay Phish Jan 30 2017 (current_events.rules)
2023777 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (webfile .myq-see. com) (trojan.rules)
2023778 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (downloadmyhost .zapto. org) (trojan.rules)
2023779 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (help2014 .linkpc. net) (trojan.rules)
2023780 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (safara .sytes. net) (trojan.rules)
2023781 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (exportball .servegame. org) (trojan.rules)
2023782 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (viewnet .better-than.tv) (trojan.rules)
2023783 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (down .downloadoneyoutube. co.vu) (trojan.rules)
2023784 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (netstreamag .publicvm. com) (trojan.rules)
2023785 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (hostgatero .ddns. net) (trojan.rules)
2023786 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (subsidiaryohio .linkpc. net) (trojan.rules)
2023787 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (helpyoume .linkpc. net) (trojan.rules)
2023788 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (downloadtesting . com) (trojan.rules)
2023789 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gameoolines . com) (trojan.rules)
2023790 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (onlinesoft .space) (trojan.rules)
2023791 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (newphoneapp . com) (trojan.rules)
2023792 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (gamestoplay .bid) (trojan.rules)
2023793 - ET TROJAN DustySky Downeks/Quasar/QuasarRATother DNS Lookup (smartsftp .pw) (trojan.rules)
2023794 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (galaxysupdates . com) (trojan.rules)
2023795 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (galaxy-s . com) (trojan.rules)
2023796 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (datasamsung . com) (trojan.rules)
2023797 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (progsupdate . com) (trojan.rules)
2023798 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (topgamse . com) (trojan.rules)
2023799 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (bandtester . com) (trojan.rules)
2023800 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (speedbind . com) (trojan.rules)
2023801 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ukgames .tech) (trojan.rules)
2023802 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .publicvm. com) (trojan.rules)
2023803 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (wallanews .sytes. net) (trojan.rules)
2023804 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (noredirecto .redirectme. net) (trojan.rules)
2023805 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (dynamicipaddress .linkpc. net) (trojan.rules)
2023806 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (downloadlog .linkpc. net) (trojan.rules)
2023807 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (havan .qhigh. com) (trojan.rules)
2023808 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (kolabdown .sytes. net) (trojan.rules)
2023809 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (rotter2 .publicvm. com) (trojan.rules)
2023810 - ET TROJAN DustySky Downeks/Quasar/other DNS Lookup (ftpserverit .otzo. com) (trojan.rules)
2023811 - ET TROJAN Downeks Variant CnC Beacon (trojan.rules)
2023812 - ET TROJAN Possible DustySky PoisonIvy CnC Beacon (trojan.rules)
2023813 - ET TROJAN DustySky QuasarRAT CnC Beacon (trojan.rules)
2023814 - ET TROJAN CryptoShield 1.0 Ransomware Checkin (trojan.rules)
2023815 - ET TROJAN Shafttt MySQL Bruteforce Bot CnC Beacon (trojan.rules)
2023816 - ET TROJAN WSF/JS Downloader Jan 30 2017 M1 (trojan.rules)
2023817 - ET CURRENT_EVENTS EITest SocEng Inject Jan 15 2017 EXE Download (current_events.rules)

Pro:

2824707 - ETPRO TROJAN Possible CoreImpact CnC Beacon (Fake Safe Browsing) (trojan.rules)
2824708 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Jan 31 2017 (current_events.rules)
2824709 - ETPRO CURRENT_EVENTS Successful IRS Phish M1 Jan 31 2017 (current_events.rules)
2824710 - ETPRO CURRENT_EVENTS Successful IRS Phish M2 Jan 31 2017 (current_events.rules)
2824711 - ETPRO CURRENT_EVENTS Successful IRS Phish M3 Jan 31 2017 (current_events.rules)
2824712 - ETPRO CURRENT_EVENTS Successful IRS Phish M4 Jan 31 2017 (current_events.rules)
2824713 - ETPRO CURRENT_EVENTS Successful Turbotax Phish Jan 31 2017 (current_events.rules)
2824716 - ETPRO TROJAN Kaandsona Ransomware Checkin (trojan.rules)
2824717 - ETPRO TROJAN W32/njRAT Variant (Comet/TunisiaRat) CnC Beacon (Start) (trojan.rules)
2824718 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.BS Checkin (mobile_malware.rules)
2824719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-31 1) (trojan.rules)
2824720 - ETPRO TROJAN Ursnif JS Downloader Payload Request - Set (trojan.rules)
2824721 - ETPRO TROJAN Ursnif JS Downloader Payload Response (trojan.rules)
2824722 - ETPRO CURRENT_EVENTS EITest SocEng Successful Inject HTTP Request Jan 15 2017 M1 (current_events.rules)

[///]     Modified active rules:     [///]

2017969 - ET CURRENT_EVENTS Netgear passwordrecovered.cgi attempt (current_events.rules)
2814642 - ETPRO TROJAN W32/njRAT Variant (Comet/TunisiaRat) CnC Beacon (trojan.rules)
2821745 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Aug 18 2016 (current_events.rules)
 

Date: Monday, January 30, 2017 - 22:00