Daily Ruleset Update Summary 2017/12/13

[***]            Summary:            [***]

2 new Open, 18 new Pro (2 + 16). Bot.Sezin, DarkKomet, Mera Keylogger, Various Phishing, Various Mobile.

Thanks: Arvind Kumar

[+++]          Added rules:          [+++]

Open:

2025147 - ET TROJAN Win32/Downloader.Small.BIL CnC Checkin (trojan.rules)
2025148 - ET TROJAN Win32/Bot.Sezin CnC Checkin (trojan.rules)

Pro:

2828875 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin 2 (mobile_malware.rules)
2828876 - ETPRO TROJAN Win32/DarkKomet Host Reply 1 (flowbit set) (trojan.rules)
2828877 - ETPRO TROJAN Win32/DarkKomet CnC Communicating with Infected Host (trojan.rules)
2828878 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 2 (mobile_malware.rules)
2828879 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 3 (mobile_malware.rules)
2828880 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 4 (mobile_malware.rules)
2828881 - ETPRO INFO Suspicious HEAD Request for Terse Filename from Doc (info.rules)
2828882 - ETPRO INFO Suspicious GET Request for Terse Filename from Doc (info.rules)
2828883 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 255 (mobile_malware.rules)
2828884 - ETPRO TROJAN Mera Keylogger CnC Heartbeat (trojan.rules)
2828885 - ETPRO TROJAN Mera Keylogger CnC DATA POST (trojan.rules)
2828886 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-12-08 1) (trojan.rules)
2828887 - ETPRO CURRENT_EVENTS Successful Facebook Account Recovery Phish 2017-12-13 (current_events.rules)
2828888 - ETPRO CURRENT_EVENTS Successful Chase Phish 2017-12-13 (current_events.rules)
2828889 - ETPRO CURRENT_EVENTS Successful Generic L33bo Phish - URI Contents (set) (current_events.rules)
2828890 - ETPRO TROJAN SmartMiner Reporting Via GoogleAnalytics (trojan.rules)

[///]     Modified active rules:     [///]

2828748 - ETPRO TROJAN Win32/DarkKomet Server Reply 1 (flowbit set) (trojan.rules)
2828866 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2017-12-12 (current_events.rules)

Date: Wednesday, December 13, 2017 - 00:00