[***] Summary: [***]

12 new Open rules, 22 new Pro. NjRAT, Angler EK, Various Android, Cryptolocker C2.

Thanks: Patrick Olsen, Kevin Ross, @kafeine and @abuse_ch

[+++] Added rules: [+++]

Open:

2019214 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Capture) (trojan.rules)
2019215 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Microphone) (trojan.rules)
2019216 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Message) (trojan.rules)
2019217 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Remote Shell) (trojan.rules)
2019218 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Services Listing) (trojan.rules)
2019219 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Registry Listing) (trojan.rules)
2019220 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Process Listing) (trojan.rules)
2019221 - ET TROJAN njrat ver 0.7d Malware CnC Callback (File Manager Actions) (trojan.rules)
2019222 - ET TROJAN njrat ver 0.7d Malware CnC Callback (Keylogging) (trojan.rules)
2019223 - ET TROJAN njrat ver 0.7d Malware CnC Callback (trojan.rules)
2019224 - ET CURRENT_EVENTS DRIVEBY Angler EK Apr 01 2014 (current_events.rules)
2019225 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC) (trojan.rules)

Pro:

2808869 - ETPRO MALWARE Riskware.Chindo Checkin 2 (malware.rules)
2808870 - ETPRO MOBILE_MALWARE Android/MMarketPay.C Checkin (mobile_malware.rules)
2808871 - ETPRO MOBILE_MALWARE Android/MMarketPay.C Checkin 2 (mobile_malware.rules)
2808872 - ETPRO TROJAN Trojan.StoleCert.SPK CnC (trojan.rules)
2808873 - ETPRO TROJAN Win32.Themida Variant CnC (trojan.rules)
2808874 - ETPRO TROJAN Trojan.Win32.Kilva Checkin (trojan.rules)
2808875 - ETPRO TROJAN FakeAV.Malwaredoctor Checkin (trojan.rules)
2808876 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin 4 (mobile_malware.rules)
2808877 - ETPRO TROJAN Win32/Yeltminky.A Checkin (trojan.rules)
2808878 - ETPRO TROJAN Cryptographic Locker C2 (trojan.rules)

[///] Modified active rules: [///]

2006546 - ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! (scan.rules)
2017430 - ET TROJAN Bladabindi/njrat CnC Command (Keylogger) (trojan.rules)
2017817 - ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013 (current_events.rules)
2019074 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)
2019146 - ET CURRENT_EVENTS Sweet Orange CDN Gate Sept 09 2014 Method 2 (current_events.rules)
2807427 - ETPRO TROJAN Cryp_Banker14 Checkin (trojan.rules)
2807767 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.c Checkin (mobile_malware.rules)
2807768 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.c Checkin 2 (mobile_malware.rules)
2808846 - ETPRO TROJAN Win32.Banload Variant Checkin (trojan.rules)
2808859 - ETPRO TROJAN W32/Scribble-B CnC via IRC (trojan.rules)

[---] Removed rules: [---]

2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
2018689 - ET SCAN LibSSH2 Based SSH Connection - Often used as a BruteForce Tool (scan.rules)
2807913 - ETPRO CURRENT_EVENTS DRIVEBY Angler EK Apr 01 2014 (current_events.rules)
Date: Monday, September 22, 2014 - 22:00