Daily Ruleset Update Summary 2017/02/06

[***] Summary: [***]

6 new Open signatures, 33 new Pro (6 + 27). Ursnif, (?:Satan|Cancer) Ransomware, Sundown EK,

[+++]          Added rules:          [+++]

Open:

2023870 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
2023871 - ET TROJAN Ursnif Variant Retrieving Payload (x32) (trojan.rules)
2023872 - ET TROJAN Ursnif Variant Retrieving Payload (x64) (trojan.rules)
2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
2023874 - ET POLICY Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
2023875 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06 (trojan.rules)

Pro:

2824771 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824772 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824773 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824774 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824775 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
2824776 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 M2 (current_events.rules)
2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
2824778 - ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb 06 M2 (current_events.rules)
2824779 - ETPRO TROJAN Cancer Ransomware CnC Activity (trojan.rules)
2824780 - ETPRO TROJAN Possible Win32/KeyLogger.HomeKeyLogger Retrieving Netcat (trojan.rules)
2824781 - ETPRO TROJAN Win32/Necurs Checkin 3 (trojan.rules)
2824782 - ETPRO TROJAN DNS Query to Cerber Domain (1cq7gd . top) (trojan.rules)
2824783 - ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top) (trojan.rules)
2824784 - ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top) (trojan.rules)
2824785 - ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top) (trojan.rules)
2824786 - ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top) (trojan.rules)
2824787 - ETPRO TROJAN DNS Query to Cerber Domain (4ucg2l . bid) (trojan.rules)
2824788 - ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top) (trojan.rules)
2824789 - ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top) (trojan.rules)
2824790 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06 2017 (current_events.rules)
2824791 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06 2017 (current_events.rules)
2824792 - ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017 (current_events.rules)
2824793 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017 (current_events.rules)
2824794 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 06 2017 (current_events.rules)
2824795 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 06 2017 (current_events.rules)
2824796 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 06 2017 (current_events.rules)
2824797 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 06 2017 (current_events.rules)

[///]     Modified active rules:     [///]

2023754 - ET CURRENT_EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2 (current_events.rules)
2808546 - ETPRO TROJAN ZeroAccess3 Checkin (trojan.rules)
2814350 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC (malware.rules)
2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 (current_events.rules)
 

Date: Monday, February 6, 2017 - 00:00