Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/10/19

[***]            Summary:            [***]

2 new Open, 17 new Pro (2 + 15). CVE-2018-10933, Zebrocy Backdoor, StrongPity, PowerUrsa, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026526 - ET POLICY Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933) (policy.rules)
2026527 - ET TROJAN Zebrocy Backdoor CnC Activity (trojan.rules)

Pro:

2833199 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2833200 - ETPRO TROJAN Win32/BR.Banload CnC Checkin Activity (trojan.rules)
2833201 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2018-10-19 (current_events.rules)
2833202 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2018-10-19 (current_events.rules)
2833203 - ETPRO CURRENT_EVENTS Successful American Express Phish 2018-10-19 (current_events.rules)
2833204 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-10-19 (current_events.rules)
2833205 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2018-10-19 (current_events.rules)
2833206 - ETPRO TROJAN Observed Malicious SSL Cert (StrongPity Stage 1 CnC Domain) (trojan.rules)
2833207 - ETPRO TROJAN Observed StrongPity Stage 1 CnC Domain in SNI (trojan.rules)
2833208 - ETPRO CURRENT_EVENTS Inbound PowerShell Enumerating System - Possible AntiVirtualization (Win32_ComputerSystem) 2018-10-19 (current_events.rules)
2833209 - ETPRO CURRENT_EVENTS Inbound PowerShell Enumerating System - Possible AntiVirtualization (Win32_OperatingSystem OSlanguage) 2018-10-19 (current_events.rules)
2833210 - ETPRO INFO Suspicious Inbound PowerShell when Remote Host claims image/jpeg (info.rules)
2833211 - ETPRO CURRENT_EVENTS Inbound PowerShell Executing rundll32 with Persistence Registry Location 2018-10-19 (current_events.rules)
2833212 - ETPRO TROJAN PS/PowerUrsa Payload Inbound (trojan.rules)
2833213 - ETPRO TROJAN PowerUrsa Stage 1 CnC Domain DNS Lookup (w4z1systems .online) (trojan.rules)

[///]     Modified active rules:     [///]

2823671 - ETPRO TROJAN LatentBot HTTP POST Checkin 2 (trojan.rules)
2823672 - ETPRO TROJAN LatentBot HTTP POST CnC (trojan.rules)
2832491 - ETPRO CURRENT_EVENTS Successful Apple Phish 2018-09-07 (current_events.rules)

Date:
Summary title:
2 new Open, 17 new Pro (2 + 15). CVE-2018-10933, Zebrocy Backdoor, StrongPity, PowerUrsa, Various Phishing.