Daily Ruleset Update Summary 2018/09/03

[***]            Summary:            [***]

0 new Open, 10 new Pro (0 + 10). Go/EmeraldRabbit, Win32/Remcos RAT, PowerShell/Agent.AUW.

[+++]          Added rules:          [+++]

Pro:

2832426 - ETPRO TROJAN Go/EmeraldRabbit CnC Beacon (trojan.rules)
2832427 - ETPRO TROJAN PowerShell/Agent.AUW CnC Checkin (trojan.rules)
2832428 - ETPRO CURRENT_EVENTS Obfuscated Out of Order PowerShell Inbound 2018-09-03 (current_events.rules)
2832429 - ETPRO CURRENT_EVENTS Batch Set Obfuscation Inbound 2018-09-03 (current_events.rules)
2832430 - ETPRO INFO HTTP Request for Single Char BAT (info.rules)
2832431 - ETPRO TROJAN Win32/Remcos RAT Checkin 46 (trojan.rules)
2832432 - ETPRO TROJAN Win32/Remcos RAT Checkin 47 (trojan.rules)
2832433 - ETPRO TROJAN Win32/Urelas.BG Variant Responding to CnC Checkin (trojan.rules)
2832434 - ETPRO MALWARE Win32/Chinbo.A PUA CnC Checkin (malware.rules)
2832435 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC Domain) (malware.rules)

[///]     Modified active rules:     [///]

2003626 - ET MALWARE Double User-Agent (User-Agent User-Agent) (malware.rules)
2019378 - ET TROJAN Gozi Checkin (trojan.rules)
2831460 - ETPRO TROJAN Win32/CeidPageLock Rootkit CnC Checkin M1 (trojan.rules)
2831489 - ETPRO TROJAN Win32/CeidPageLock Rootkit CnC Checkin M2 (trojan.rules)
2831730 - ETPRO TROJAN Win32/CeidPageLock Rootkit Checkin M3 (trojan.rules)

Date: 
Monday, September 3, 2018 - 00:00