Daily Ruleset Update Summary 2017/01/09

[***] Summary: [***]

6 new Open signatures, 37 new Pro. MultiPlug, Zeus Panda, NanoCore, DarkShell PHP Shell.

[+++]          Added rules:          [+++]

Open:

2023707 - ET MALWARE MultiPlug.J Checkin (malware.rules)
2023708 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher SSL CnC Cert (mobile_malware.rules)
2023709 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2023710 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher DNS Lookup (mobile_malware.rules)
2023711 - ET TROJAN JS/WSF Downloader Dec 08 2016 M7 (trojan.rules)
2023712 - ET CURRENT_EVENTS Paypal Phishing Landing Jan 09 2017 (current_events.rules)

Pro:

2824270 - ETPRO TROJAN Banking PowerShell .onion Proxy Domain (trojan.rules)
2824271 - ETPRO TROJAN Banking PowerShell .onion Proxy Domain (trojan.rules)
2824272 - ETPRO TROJAN Banking PowerShell .onion Proxy Domain (trojan.rules)
2824273 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2824274 - ETPRO TROJAN Zeus Panda Injects Domain in SNI (trojan.rules)
2824275 - ETPRO TROJAN MSIL/Unk.Stealer Sending Screenshots (trojan.rules)
2824276 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish Jan 09 2017 (current_events.rules)
2824277 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Jan 09 2017 (current_events.rules)
2824278 - ETPRO CURRENT_EVENTS Successful UBS Financial Services Phish Jan 09 2017 (current_events.rules)
2824279 - ETPRO CURRENT_EVENTS Successful AirBnB Phish Jan 09 2017 (current_events.rules)
2824280 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 09 2017 (current_events.rules)
2824281 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jan 09 2017 (current_events.rules)
2824282 - ETPRO CURRENT_EVENTS Successful USAA Phish Jan 09 2017 (current_events.rules)
2824283 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Jan 09 2017 (current_events.rules)
2824284 - ETPRO CURRENT_EVENTS Phishing Landing Checking Browser/OS/Platform Phish Jan 09 2017 (current_events.rules)
2824285 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-01-09 1) (trojan.rules)
2824286 - ETPRO TROJAN NanoCore RAT CnC 23 (trojan.rules)
2824287 - ETPRO WEB_SERVER DarkShell PHP Shell Access (web_server.rules)
2824288 - ETPRO WEB_SERVER DarkShell PHP Shell Upload (web_server.rules)
2824289 - ETPRO TROJAN VertexNet .onion Proxy Domain (trojan.rules)
2824290 - ETPRO TROJAN DNS Query to Cerber Domain (162egg . top) (trojan.rules)
2824291 - ETPRO TROJAN DNS Query to Cerber Domain (4bzlfh . top) (trojan.rules)
2824292 - ETPRO TROJAN DNS Query to Cerber Domain (lxvmhm . top) (trojan.rules)
2824293 - ETPRO TROJAN DNS Query to Cerber Domain (1nsnuh . top) (trojan.rules)
2824294 - ETPRO TROJAN DNS Query to Cerber Domain (14xmig . top) (trojan.rules)
2824295 - ETPRO TROJAN DNS Query to Cerber Domain (r1sjrp . top) (trojan.rules)
2824296 - ETPRO TROJAN DNS Query to Cerber Domain (16iqt6 . top) (trojan.rules)
2824297 - ETPRO TROJAN DNS Query to Cerber Domain (w5hilw . top) (trojan.rules)
2824298 - ETPRO TROJAN DNS Query to Cerber Domain (momg04 . top) (trojan.rules)
2824299 - ETPRO TROJAN DNS Query to Cerber Domain (79j8fm . top) (trojan.rules)
2824300 - ETPRO TROJAN MalDoc Downloader SSL Cert Jan 09 2017 (trojan.rules)

[///]     Modified active rules:     [///]

2023679 - ET TROJAN JS/WSF Downloader Dec 08 2016 M6 (trojan.rules)
2809636 - ETPRO MOBILE_MALWARE Android/Locker.Q Checkin (mobile_malware.rules)
2823400 - ETPRO CURRENT_EVENTS Successful USAA Phish Nov 21 2016 (current_events.rules)
2824154 - ETPRO CURRENT_EVENTS Successful Paypal Phish Dec 30 2016 (current_events.rules)

[---]         Removed rules:         [---]

2815807 - ETPRO CURRENT_EVENTS Possible Nuclear Landing with URI Primer (current_events.rules)
 

Date: Monday, January 9, 2017 - 00:00