[***] Summary: [***]

1 new Open signature, 19 new Pro (1 + 18). Unk Keylogger, Satan Ransomware, Retefe Banker.

[+++]          Added rules:          [+++]

2023818 - ET INFO Windows Update/Microsoft FP Flowbit (info.rules)

Pro:

2824723 - ETPRO CURRENT_EVENTS Successful Discover Phish M1 Jan 31 2017 (current_events.rules)
2824724 - ETPRO CURRENT_EVENTS Successful Discover Phish M2 Jan 31 2017 (current_events.rules)
2824725 - ETPRO CURRENT_EVENTS Successful Discover Phish M3 Jan 31 2017 (current_events.rules)
2824726 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Update Phish Jan 31 2017 (current_events.rules)
2824727 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jan 31 2017 (current_events.rules)
2824728 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jan 31 2017 (current_events.rules)
2824729 - ETPRO TROJAN MSIL/Unk.Keylogger Checkin via SMTP (trojan.rules)
2824730 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE Checkin (mobile_malware.rules)
2824731 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.NE DNS Lookup (mobile_malware.rules)
2824734 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824735 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824736 - ETPRO TROJAN Retefe Banker .onion Domain (trojan.rules)
2824737 - ETPRO TROJAN W32.Dorma Variant Downloader Checkin (trojan.rules)
2824738 - ETPRO TROJAN W32.Dorma Variant Executable Request (trojan.rules)
2824739 - ETPRO TROJAN W32.Dorma Variant Downloaded (trojan.rules)
2824740 - ETPRO WEB_SERVER Possible WP REST API Type Juggling Vuln Exploit Attempt (web_server.rules)
2824741 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)
2824742 - ETPRO MOBILE_MALWARE Android/Locker.Q DNS Lookup (mobile_malware.rules)

[///]     Modified active rules:     [///]

2018959 - ET POLICY PE EXE or DLL Windows file download HTTP (policy.rules)
2019378 - ET TROJAN Gozi Checkin (trojan.rules)
2815781 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules)
2820364 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish May 26 (current_events.rules)
2820803 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jun 22 (current_events.rules)
2821753 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 16 2016 (current_events.rules)
2822483 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 07 2016 (current_events.rules)
2823782 - ETPRO CURRENT_EVENTS Successful Chase Phishing Dec 12 2016 (current_events.rules)
2824722 - ETPRO CURRENT_EVENTS EITest SocEng Successful Inject HTTP Request Jan 15 2017 M1 (current_events.rules)

[///]    Modified inactive rules:    [///]

2001979 - ET POLICY SSH Server Banner Detected on Unusual Port (policy.rules)
2800694 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object Code Execution (exploit.rules)

[---]  Disabled and modified rules:  [---]

2019343 - ET CURRENT_EVENTS FAKEIE 11.0 Minimal Headers (flowbit set) (current_events.rules)
2019344 - ET CURRENT_EVENTS FAKEIE Minimal Headers (flowbit set) (current_events.rules)
2023197 - ET USER_AGENTS Microsoft Edge on Windows 10 SET (user_agents.rules)

[---]         Removed rules:         [---]

2819896 - ETPRO CURRENT_EVENTS Successful Zoom Phish Apr 21 (current_events.rules)
2820612 - ETPRO CURRENT_EVENTS Successful Webmail Credential Phish Jun 14 M1 (current_events.rules)
 

Date: Tuesday, January 31, 2017 - 22:00