Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/02/01

[***]            Summary:            [***]

9 new Open, 19 new Pro (9 + 10). Skypool, Nimiq Miner, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026867 - ET POLICY Skypool Coin Mining Pool DNS Lookup (policy.rules)
2026868 - ET POLICY Nimiq Miner Initiating Mining Session with Skypool (policy.rules)
2026869 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026870 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026871 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026872 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026873 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026874 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2026875 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)

Pro:

2834685 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (FIN7 GRIFFON) (current_events.rules)
2834686 - ETPRO CURRENT_EVENTS Observed FIN7 GRIFFON Domain in DNS Lookup (current_events.rules)
2834687 - ETPRO CURRENT_EVENTS Observed FIN7 GRIFFON Domain in TLS SNI (current_events.rules)
2834688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-01 1) (trojan.rules)
2834689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-01 2) (trojan.rules)
2834690 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2019-02-01 (current_events.rules)
2834691 - ETPRO CURRENT_EVENTS Successful CapitalOne Phish 2019-02-01 (current_events.rules)
2834692 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-01 (current_events.rules)
2834693 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-02-01 (current_events.rules)
2834694 - ETPRO CURRENT_EVENTS Concat Base64 Encoded EXE within PowerShell Inbound 2019-02-01 (current_events.rules)

[///]     Modified active rules:     [///]

2820695 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M2 (current_events.rules)
2820696 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M3 (current_events.rules)
2832155 - ETPRO TROJAN Observed Malicious SSL Cert (APT32/Cobalt Strike CnC) (trojan.rules)
2833860 - ETPRO TROJAN Observed Malicious SSL Cert (APT32 CnC Domain) (trojan.rules)

Date:
Summary title:
9 new Open, 19 new Pro (9 + 10). Skypool, Nimiq Miner, Various Phishing.