Daily Ruleset Update Summary 2018/03/26

[***]            Summary:            [***]

1 new Open, 18 new Pro (1 + 17). Cobalt Group, Win32/Glupteba, Win32/APosT.cxt, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025438 - ET TROJAN Cobalt Group SSL Certificate Detected (trojan.rules)

Pro:

2830114 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.nz Exfil via FTP (mobile_malware.rules)
2830115 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.nz Exfil via FTP 2 (mobile_malware.rules)
2830116 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.nz Exfil via FTP 3 (mobile_malware.rules)
2830117 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.nz Exfil via FTP 4 (mobile_malware.rules)
2830118 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830119 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830120 - ETPRO TROJAN Cobalt Group C2 DNS Lookup (trojan.rules)
2830121 - ETPRO TROJAN Observed Cobalt Group Domain in SNI (trojan.rules)
2830122 - ETPRO INFO Suspicious AutoIT User-Agent Requesting .file with minimal headers (info.rules)
2830123 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Mwiam.e Checkin (mobile_malware.rules)
2830124 - ETPRO CURRENT_EVENTS Possible MalDoc Payload Request 2018-03-26 (current_events.rules)
2830125 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 3 (mobile_malware.rules)
2830126 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.bh Checkin 4 (mobile_malware.rules)
2830127 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.ba Checkin (mobile_malware.rules)
2830128 - ETPRO TROJAN Win32/Glupteba Communicating with CnC (trojan.rules)
2830129 - ETPRO TROJAN Win32/Glupteba IP Lookup (trojan.rules)
2830130 - ETPRO TROJAN Win32/APosT.cxt CnC Beacon (trojan.rules)

[///]     Modified active rules:     [///]

2018516 - ET TROJAN Win32/Spy.Banker.AAQD Checkin (trojan.rules)

[---]         Removed rules:         [---]

2807718 - ETPRO WEB_CLIENT Adobe Reader Double Free CVE-2014-0493 2 (web_client.rules)

Date: Monday, March 26, 2018 - 00:00