[***] Summary: [***]

12 new Open signatures, 31 new Pro (12 + 19). VARIOUS PHISHING, Cerber, GearInformer Keylogger.

Thanks: @rmkml and @MalwareKiwi

[+++]          Added rules:          [+++]

Open:

2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017 (current_events.rules)
2023820 - ET CURRENT_EVENTS Possible Successful Chase Phish Feb 02 2017 (current_events.rules)
2023821 - ET CURRENT_EVENTS Possible Successful Apple Phishing Domain Feb 02 2017 (current_events.rules)
2023822 - ET CURRENT_EVENTS Possible Successful USAA Phishing Domain Feb 02 2017 (current_events.rules)
2023823 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain Feb 02 2017 (current_events.rules)
2023824 - ET CURRENT_EVENTS Possible Successful Bank of America Phishing Domain Feb 02 2017 (current_events.rules)
2023825 - ET CURRENT_EVENTS Possible Successful Google Drive Phishing Domain Feb 02 2017 (current_events.rules)
2023826 - ET CURRENT_EVENTS Possible Successful Cartasi Phishing Domain Feb 02 2017 (current_events.rules)
2023827 - ET CURRENT_EVENTS Possible Successful Linkedin Phishing Domain Feb 02 2017 (current_events.rules)
2023828 - ET CURRENT_EVENTS Possible Successful Ebay Phishing Domain Feb 02 2017 (current_events.rules)
2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02 2017 (current_events.rules)
2023830 - ET WEB_SPECIFIC_APPS Netgear WNR2000v5 Possible Serial Number Leak (web_specific_apps.rules)

Pro:

2824744 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.G Checkin (mobile_malware.rules)
2824745 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw/SlemBunk/SLocker Checkin (mobile_malware.rules)
2824746 - ETPRO TROJAN GearInformer Keylogger CnC Checkin (trojan.rules)
2824747 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Feb 02 2017 (current_events.rules)
2824748 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish M1 Feb 02 2017 (current_events.rules)
2824749 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish M2 Feb 02 2017 (current_events.rules)
2824750 - ETPRO CURRENT_EVENTS Successful Discover Phish Feb 02 2017 (current_events.rules)
2824751 - ETPRO TROJAN DNS Query to Cerber Domain (13gmvm . top) (trojan.rules)
2824752 - ETPRO TROJAN DNS Query to Cerber Domain (bd7tlu . top) (trojan.rules)
2824753 - ETPRO TROJAN DNS Query to Cerber Domain (gcwggs . top) (trojan.rules)
2824754 - ETPRO TROJAN DNS Query to Cerber Domain (bxsn3z . top) (trojan.rules)
2824755 - ETPRO TROJAN DNS Query to Cerber Domain (h82on2 . top) (trojan.rules)
2824756 - ETPRO TROJAN DNS Query to Cerber Domain (kecz2c . top) (trojan.rules)
2824757 - ETPRO TROJAN DNS Query to Cerber Domain (zk95b8 . bid) (trojan.rules)
2824758 - ETPRO TROJAN DNS Query to Cerber Domain (ibar8s . top) (trojan.rules)
2824759 - ETPRO TROJAN DNS Query to Cerber Domain (g0lpn5 . bid) (trojan.rules)
2824760 - ETPRO TROJAN DNS Query to Cerber Domain (twyjdx . bid) (trojan.rules)
2824761 - ETPRO TROJAN Unknown CoinMiner CnC Activity (trojan.rules)
2824763 - ETPRO POLICY LabTech Remote Control Session Activity (policy.rules)

[///]     Modified active rules:     [///]

2022271 - ET INFO SUSPICIOUS Possible Evil Download wsf Double Ext No Referer (info.rules)
2808044 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ao / Cardbuyer Checkin 2 (mobile_malware.rules)
2823334 - ETPRO TROJAN Nanocore Checkin Pattern (set) 1 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2802993 - ETPRO WEB_CLIENT Microsoft Excel Excel Improper Record Parsing Vulnerability Flowbit SET (web_client.rules)
2815804 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M1 (current_events.rules)
2815805 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M2 (current_events.rules)
2815806 - ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Struct Jan 14 M3 (current_events.rules)
2816337 - ETPRO CURRENT_EVENTS Angler EK Slight Feb 19 Primer M1 (current_events.rules)
 

Date: Wednesday, February 1, 2017 - 22:00