[***] Summary: [***]

8 new Open signatures, 23 new Pro (8 + 15). Pegasus/Trident, HawkEye Keylogger, VARIOUS PHISHING.

Thanks: tdzmont.

[+++]          Added rules:          [+++]

Open:

2023131 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 1 (trojan.rules)
2023132 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 2 (trojan.rules)
2023133 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 3 (trojan.rules)
2023134 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 4 (trojan.rules)
2023136 - ET TROJAN Possible Pegasus/Trident Related HTTP Beacon 5 (trojan.rules)
2023137 - ET INFO Suspicious POST to .tk domain with Password (info.rules)
2023138 - ET CURRENT_EVENTS Suspicious Proxifier DL (non-browser observed in maldoc campaigns) (current_events.rules)
2023139 - ET INFO Form Data Submitted to yolasite.com - Possible Phishing (info.rules)

Pro:

2821859 - ETPRO TROJAN PoisonIvy Keepalive to CnC 489 (trojan.rules)
2821860 - ETPRO TROJAN PoisonIvy Keepalive to CnC 490 (trojan.rules)
2821861 - ETPRO TROJAN PoisonIvy Keepalive to CnC 491 (trojan.rules)
2821862 - ETPRO TROJAN HawkEye Keylogger Reporting via SMTP (trojan.rules)
2821863 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 26 2016 (current_events.rules)
2821864 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 26 2016 (current_events.rules)
2821865 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Aug 26 2016 (current_events.rules)
2821866 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Aug 26 2016 (current_events.rules)
2821867 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Aug 26 2016 (current_events.rules)
2821868 - ETPRO CURRENT_EVENTS Successful Chase Phish M6 Aug 26 2016 (current_events.rules)
2821869 - ETPRO CURRENT_EVENTS Successful HSBC Phish Aug 26 2016 (current_events.rules)
2821870 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug 26 2016 (current_events.rules)
2821871 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Aug 26 2016 (current_events.rules)
2821872 - ETPRO CURRENT_EVENTS Successful Google Drive Phish - Redirect to PDF Aug 26 2016 (current_events.rules)
2821873 - ETPRO CURRENT_EVENTS Google Drive Phish Landing Aug 26 2016 (current_events.rules)

[///]     Modified active rules:     [///]

2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
2018231 - ET INFO SUSPICIOUS .scr file download (info.rules)
2023089 - ET TROJAN PNScan.2 CnC Beacon (trojan.rules)
2821375 - ETPRO TROJAN Win32/Unknown TViewer RAT Checkin (trojan.rules)
2821818 - ETPRO TROJAN Ransomware.MarsJoke Checkin (trojan.rules)
2821819 - ETPRO TROJAN Ransomware.MarsJoke CnC beacon (trojan.rules)
2821821 - ETPRO TROJAN Godzilla CnC Beacon (trojan.rules)

[---]  Disabled and modified rules:  [---]

2022574 - ET CURRENT_EVENTS Possible Fake AV Phone Scam Landing Feb 26 (current_events.rules)

[---]         Removed rules:         [---]

2806790 - ETPRO TROJAN Livesearchnow browser hijack 2 (trojan.rules)

Date: Thursday, August 25, 2016 - 22:00