[***] Summary: [***]

6 new Open signatures, 34 new Pro (6 + 28). TorrenLocker, SunDown EK, Locky, Kostya Ransomware.

Thanks: @abuse_ch

[+++]          Added rules:          [+++]

Open:

2023327 - ET TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (trojan.rules)
2023328 - ET TROJAN ABUSE.CH TorrenLocker Payment Domain Detected (trojan.rules)
2023329 - ET TROJAN ABUSE.CH Locky Payment Domain Detected (trojan.rules)
2023330 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
2023331 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)
2023332 - ET TROJAN CryptoWall/TeslaCrypt Payment Domain (trojan.rules)

Pro:

2822472 - ETPRO MOBILE_MALWARE Android.Adware.Airpush.3D9C Checkin (mobile_malware.rules)
2822473 - ETPRO TROJAN Ransomware Locky CnC Beacon Oct 3 (trojan.rules)
2822474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2016-10-07 1) (trojan.rules)
2822475 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (Y3Zja2N2Y0B5YW5kZXgucnVfdjo3Nzc=) (trojan.rules)
2822476 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M1 (current_events.rules)
2822477 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M2 (current_events.rules)
2822478 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M3 (current_events.rules)
2822479 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M4 (current_events.rules)
2822480 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M5 (current_events.rules)
2822481 - ETPRO CURRENT_EVENTS Bizarro SunDown EK Landing Oct 07 2016 M6 (current_events.rules)
2822482 - ETPRO CURRENT_EVENTS SunDown/Xer Payload (URL Primer) (current_events.rules)
2822483 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Oct 07 2016 (current_events.rules)
2822484 - ETPRO TROJAN Kostya Ransomware CnC Checkin (trojan.rules)
2822485 - ETPRO TROJAN Automated Tor EXE Download, Possibly Raum Trojan (trojan.rules)
2822486 - ETPRO TROJAN W32.Raum Checkin (trojan.rules)
2822487 - ETPRO TROJAN W32.Raum Update Config HTTP Request (trojan.rules)
2822488 - ETPRO TROJAN W32.Raum Update Config HTTP Request (trojan.rules)
2822489 - ETPRO CURRENT_EVENTS Successful Supplier Portal Phish Oct 07 2016 (current_events.rules)
2822490 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 07 2016 (current_events.rules)
2822491 - ETPRO CURRENT_EVENTS Successful Cpanel Phish Oct 07 2016 (current_events.rules)
2822492 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 07 2016 (current_events.rules)
2822493 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Oct 07 2016 (current_events.rules)
2822494 - ETPRO CURRENT_EVENTS Successful Apple Phish (FR) M1 Oct 07 2016 (current_events.rules)
2822495 - ETPRO CURRENT_EVENTS Successful Apple Phish (FR) M2 Oct 07 2016 (current_events.rules)
2822496 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish M2 Oct 07 2016 (current_events.rules)
2822497 - ETPRO CURRENT_EVENTS Successful BT Phish Oct 07 2016 (current_events.rules)
2822498 - ETPRO CURRENT_EVENTS Successful Chase Phish Oct 07 2016 (current_events.rules)
2822499 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Oct 07 2016 (current_events.rules)

[///]     Modified active rules:     [///]

2821569 - ETPRO TROJAN Locky CnC checkin Aug 03 2016 M2 (trojan.rules)
 

Date: Thursday, October 6, 2016 - 22:00