[***] Summary: [***]

11 new Open rules, 24 new Pro (11+13). Abuse.ch SSL Blacklist, Various Android, Win32/Rovnix, Tofsee.

Thanks: @kaffeine and @abuse_ch

[+++] Added rules: [+++]

Open:

2018942 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS MITM) (trojan.rules)
2018943 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (trojan.rules)
2018944 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (trojan.rules)
2018945 - ET MOBILE_MALWARE Android/Locker.B Checkin 1 (mobile_malware.rules)
2018946 - ET MOBILE_MALWARE Android/Locker.B Checkin 2 (mobile_malware.rules)
2018947 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018948 - ET TROJAN Likely Synolocker .onion DNS lookup (trojan.rules)
2018949 - ET TROJAN Win32/PSW.Steam.NBP Checkin (trojan.rules)
2018950 - ET CURRENT_EVENTS DRIVEBY Angler EK Landing Aug 16 2014 (current_events.rules)
2018951 - ET TROJAN Tor Based Locker Page (Zerolocker) (trojan.rules)
2018953 - ET TROJAN ShellBot.C retrieval (trojan.rules)

Pro:

2808571 - ETPRO TROJAN Win.Trojan.Chewbacca connectivity check (trojan.rules)
2808572 - ETPRO MALWARE Win32/AdWare.Laban.G Checkin (malware.rules)
2808573 - ETPRO MALWARE PUP Win32/HiddenStart.B Checkin (malware.rules)
2808574 - ETPRO TROJAN Win32/Emogen-F Checkin (trojan.rules)
2808575 - ETPRO TROJAN Trojan.Graybird IP Check (trojan.rules)
2808576 - ETPRO TROJAN Win32/Rovnix.H GET (trojan.rules)
2808577 - ETPRO TROJAN Win32/Tofsee Loader Config Download (trojan.rules)
2808578 - ETPRO TROJAN Win32/PSW.Papras.CK Checkin (trojan.rules)
2808579 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.a Checkin (mobile_malware.rules)
2808580 - ETPRO TROJAN BKDR_QULKONWI.GHR Checkin (trojan.rules)
2808581 - ETPRO EXPLOIT VMTurbo Ops Manager Remote Command Execution (exploit.rules)
2808582 - ETPRO MOBILE_MALWARE Android.Trojan.Joye.D Checkin (mobile_malware.rules)
2808583 - ETPRO MOBILE_MALWARE Android.Gabas.A Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

2018367 - ET MALWARE W32/iBryte.Adware Affiliate Campaign Executable Download (malware.rules)
2804473 - ETPRO MALWARE Win32/Adware.Gamevance.BE Checkin 2 (malware.rules)
2806324 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.gzfw Checkin (trojan.rules)
2807850 - ETPRO TROJAN Trojan/MSIL.bfsx Checkin (trojan.rules)
2808008 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Ackposts.a Checkin (mobile_malware.rules)
2808270 - ETPRO TROJAN Win32.Trojan.Hijacker.Akym Checkin (trojan.rules)
2808565 - ETPRO TROJAN Win32/Banjori.A Checkin (trojan.rules)

[---] Removed rules: [---]

2806557 - ETPRO TROJAN Trojan-Downloader.Win32.VB.gznp Checkin (trojan.rules)
