Daily Ruleset Update Summary
Daily Ruleset Update Summary 2018/12/04

[***]            Summary:            [***]

3 new Open, 21 new Pro (3 + 18). MageCart, Win32.Black.eoxqwe, Ursnif SSL, sLoad SSL.

[+++]          Added rules:          [+++]

Open:

2026684 - ET INFO Certificate with Unknown Content M2 (info.rules)
2026685 - ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain (current_events.rules)
2026686 - ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain (current_events.rules)

Pro:

2833792 - ETPRO TROJAN Win32.Black.eoxqwe Checkin (trojan.rules)
2833793 - ETPRO TROJAN Win32.Black.eoxqwe Checkin 2 (trojan.rules)
2833794 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin 2 Response (trojan.rules)
2833795 - ETPRO TROJAN Base64 Encoded Powershell Inbound via CertUtil Request M1 (trojan.rules)
2833796 - ETPRO TROJAN Base64 Encoded Powershell Inbound via CertUtil Request M2 (trojan.rules)
2833797 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833798 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833799 - ETPRO TROJAN Win32/GodNet CnC Checkin (trojan.rules)
2833800 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Ursnif CnC) (current_events.rules)
2833801 - ETPRO TROJAN GO/Zebrocy Downloader CnC Checkin (trojan.rules)
2833802 - ETPRO TROJAN Win32/Remcos RAT Checkin 79 (trojan.rules)
2833803 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin (trojan.rules)
2833804 - ETPRO TROJAN PS.APT.PhishDoc.TR Checkin 2 (trojan.rules)
2833805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-04 1) (trojan.rules)
2833806 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-04 2) (trojan.rules)
2833807 - ETPRO TROJAN Astaroth Checkin (trojan.rules)
2833808 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2833809 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2026649 - ET INFO Certificate with Unknown Content M1 (info.rules)
2827808 - ETPRO TROJAN Backdoor/MSM Stealer Checkin (trojan.rules)
2828254 - ETPRO TROJAN MSIL/SCCracker CnC Check-in (trojan.rules)
2832364 - ETPRO TROJAN MSIL/Lendme Stealer Checkin (trojan.rules)

Date:
Summary title:
3 new Open, 21 new Pro (3 + 18). MageCart, Win32.Black.eoxqwe, Ursnif SSL, sLoad SSL.