[***] Summary: [***]
4 new Open, 42 new Pro (4 + 38). Suspicious UAs, Datper, Coinminers, Various Phish
[+++] Added rules: [+++]
Open:
2026946 - ET TROJAN Unk.GanDownloader CnC Checkin (trojan.rules)
2026947 - ET TROJAN TickGroup Datper CnC Checkin M1 (trojan.rules)
2026948 - ET TROJAN TickGroup Datper CnC Checkin M2 (trojan.rules)
2026949 - ET TROJAN TickGroup Datper CnC Checkin M3 (trojan.rules)
Pro:
2834918 - ETPRO POLICY OpenSoft RDP Session Init (policy.rules)
2834919 - ETPRO TROJAN W32.FangYu.CN Miner Checkin (trojan.rules)
2834920 - ETPRO CURRENT_EVENTS Brushaloader Domain in DNS Lookup (current_events.rules)
2834921 - ETPRO CURRENT_EVENTS Brushaloader Domain in TLS SNI (current_events.rules)
2834922 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-20 1) (trojan.rules)
2834923 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-20 2) (trojan.rules)
2834924 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-20 3) (trojan.rules)
2834925 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-29 4) (trojan.rules)
2834926 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-20 5) (trojan.rules)
2834927 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-20 6) (trojan.rules)
2834928 - ETPRO USER_AGENTS Observed Suspicious UA (AdvancedInstaller) (user_agents.rules)
2834929 - ETPRO USER_AGENTS Observed Suspicious UA (Inno Setup Downloader) (user_agents.rules)
2834930 - ETPRO USER_AGENTS Observed Suspicious UA (InnoTools_Downloader) (user_agents.rules)
2834931 - ETPRO USER_AGENTS Observed Suspicious UA (InstallMaker) (user_agents.rules)
2834932 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_INETC) (user_agents.rules)
2834933 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) (user_agents.rules)
2834934 - ETPRO USER_AGENTS Observed Suspicious UA (NSIS_InetLoad (Mozilla)) (user_agents.rules)
2834935 - ETPRO USER_AGENTS Observed Suspicious UA (NSISDL/1.2 (Mozilla)) (user_agents.rules)
2834936 - ETPRO TROJAN Observed DNS Query to Abused DDNS (ddnsgeek .com) (trojan.rules)
2834937 - ETPRO TROJAN Observed DNS Query to Abused DDNS (loseyourip .com) (trojan.rules)
2834938 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834939 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2834940 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-20 (current_events.rules)
2834941 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-02-20 (current_events.rules)
2834942 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-20 (current_events.rules)
2834943 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-20 (current_events.rules)
2834944 - ETPRO CURRENT_EVENTS Successful DBA Bank Phish 2019-02-20 (current_events.rules)
2834945 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2019-02-20 (current_events.rules)
2834946 - ETPRO CURRENT_EVENTS Successful Itscom Phish 2019-02-20 (current_events.rules)
2834947 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-20 (current_events.rules)
2834948 - ETPRO CURRENT_EVENTS Successful Generic Bank Account Information Phish 2019-02-20 (current_events.rules)
2834949 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-02-20 (current_events.rules)
2834950 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-20 (current_events.rules)
2834951 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-20 (current_events.rules)
2834952 - ETPRO CURRENT_EVENTS Successful UOB Phish 2019-02-20 (current_events.rules)
2834953 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-02-20 (current_events.rules)
2834954 - ETPRO CURRENT_EVENTS Successful Netbank Phish 2019-02-20 (current_events.rules)
2834955 - ETPRO TROJAN Known Malicious Host (Various Payloads) DNS Lookup (trojan.rules)
[///] Modified active rules: [///]
2834830 - ETPRO CURRENT_EVENTS Successful Indodax Exchange Phish 2019-02-11 (current_events.rules)
2834906 - ETPRO MOBILE_MALWARE AndroidOS.DroidJack Checkin (mobile_malware.rules)