[***]            Summary:            [***]

3 new Open, 32 new Pro (3 + 29). Various Android, AveMaria, EverydayRAT, various certs.

Thanks: James Lay

[+++]          Added rules:          [+++]

Open:

2026734 - ET MALWARE Fake Adobe Update Download (malware.rules)
2026735 - ET MALWARE Fake Adobe Update Request (malware.rules)
2026736 - ET TROJAN AveMaria Initial CnC Checkin (trojan.rules)

Pro:

2833937 - ETPRO MOBILE_MALWARE Android/Yihao Device Location Exfil (mobile_malware.rules)
2833938 - ETPRO MOBILE_MALWARE Android-PUP/Malctvu.84ea8 Device Location Exfil (mobile_malware.rules)
2833939 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin (mobile_malware.rules)
2833940 - ETPRO MOBILE_MALWARE Android.Gmobi.A Checkin 2 (mobile_malware.rules)
2833941 - ETPRO MOBILE_MALWARE AndroidOS.Secneo Device Info Exfil (mobile_malware.rules)
2833942 - ETPRO MOBILE_MALWARE PUA.AndroidOS.Reporo Device Info Exfil (mobile_malware.rules)
2833943 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon (mobile_malware.rules)
2833944 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 CnC Beacon 2 (mobile_malware.rules)
2833945 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Reporting Click (mobile_malware.rules)
2833946 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin (mobile_malware.rules)
2833947 - ETPRO MOBILE_MALWARE AndroidOS.Lotoor Checkin 2 (mobile_malware.rules)
2833948 - ETPRO MOBILE_MALWARE Android/SMSBomber CnC Beacon (mobile_malware.rules)
2833949 - ETPRO MOBILE_MALWARE Android/Spy.Agent.VN Contact Exfil (mobile_malware.rules)
2833950 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.MyVk.e CnC Beacon (mobile_malware.rules)
2833951 - ETPRO MOBILE_MALWARE Android.Wapron.GEN24505 Device Info Exfil (mobile_malware.rules)
2833952 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.NN CnC Beacon (mobile_malware.rules)
2833953 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup (mobile_malware.rules)
2833954 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB DNS Lookup 2 (mobile_malware.rules)
2833955 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AKB TLS SNI (mobile_malware.rules)
2833956 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon 3 (mobile_malware.rules)
2833957 - ETPRO TROJAN MSIL.EverydayRAT User-Agent (trojan.rules)
2833958 - ETPRO TROJAN MSIL.EverydayRAT CnC (getFile) (trojan.rules)
2833959 - ETPRO TROJAN MSIL.EverydayRAT CnC (Checkin) (trojan.rules)
2833960 - ETPRO TROJAN MSIL.Lisfon.A Checkin (trojan.rules)
2833961 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2833962 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Payload DL) (trojan.rules)
2833963 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2833964 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (CobInt CnC) (current_events.rules)
2833965 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2828024 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab App List Exfil (mobile_malware.rules)
2832606 - ETPRO TROJAN Spytector PWS FTP Exfil (trojan.rules)

Date: Sunday, December 16, 2018 - 22:00