[***]            Summary:            [***]

11 new Open, 43 new Pro (11 + 32). Router Vulns, GoldenAxe, Dorv Stealer, Coinminers, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027085 - ET TROJAN Possible Inbound PowerShell via Invoke-PSImage Stego (trojan.rules)
2027086 - ET TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (trojan.rules)
2027088 - ET TROJAN Win32/Dorv InfoStealer CnC DNS Query (trojan.rules)
2027089 - ET EXPLOIT Possible LG SuperSign EZ CMS 2.5 RCE (CVE-2018-17173) (exploit.rules)
2027090 - ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection (exploit.rules)
2027091 - ET EXPLOIT Possible WePresent WIPG1000 File Inclusion (exploit.rules)
2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (exploit.rules)
2027093 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077) (exploit.rules)
2027094 - ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6334) (exploit.rules)
2027095 - ET EXPLOIT Possible Linksys WAP54Gv3 Remote Debug Root Shell Exploitation Attempt (exploit.rules)

Pro:

2835402 - ETPRO MOBILE_MALWARE Android/SMSreg.AMO Device Info Exfil (mobile_malware.rules)
2835404 - ETPRO TROJAN GoldenAxe Ransomware C2 (Encryption Start) (trojan.rules)
2835405 - ETPRO TROJAN GoldenAxe Ransomware C2 (Encryption Finish) (trojan.rules)
2835406 - ETPRO TROJAN MSIL.Shockk73 Flooder Checkin (trojan.rules)
2835407 - ETPRO TROJAN MSIL.Shockk73 Flooder C2 (trojan.rules)
2835408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 1) (trojan.rules)
2835409 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 2) (trojan.rules)
2835410 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 3) (trojan.rules)
2835411 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 4) (trojan.rules)
2835412 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 5) (trojan.rules)
2835413 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 6) (trojan.rules)
2835414 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 7) (trojan.rules)
2835415 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-18 8) (trojan.rules)
2835416 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2835418 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-03-18 (current_events.rules)
2835419 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-03-18 (current_events.rules)
2835420 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-03-18 (current_events.rules)
2835421 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-18 (current_events.rules)
2835422 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-03-18 (current_events.rules)
2835423 - ETPRO CURRENT_EVENTS Successful Emirates NBD Phish 2019-03-18 (current_events.rules)
2835424 - ETPRO CURRENT_EVENTS Successful Amegy Bank Phish 2019-03-18 (current_events.rules)
2835425 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-03-18 (current_events.rules)
2835426 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-03-18 (current_events.rules)
2835427 - ETPRO CURRENT_EVENTS Successful OTPbank Phish 2019-03-18 (current_events.rules)
2835428 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-18 (current_events.rules)
2835429 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-18 (current_events.rules)
2835430 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-03-18 (current_events.rules)
2835431 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-18 (current_events.rules)
2835432 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-03-18 (current_events.rules)
2835433 - ETPRO TROJAN Parasite HTTP CnC Checkin (trojan.rules)
2835434 - ETPRO INFO Inbound Batch File Creating Scheduled Task as System (info.rules)
2835435 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) (trojan.rules)

[///]     Modified active rules:     [///]

2006380 - ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)
2006402 - ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)
2010019 - ET SCAN Tomcat Web Application Manager scanning (scan.rules)
2834916 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup/APT-C-35 CnC) (trojan.rules)
2835360 - ETPRO CURRENT_EVENTS Observed EXE Request for Ursnif Payload 2019-03-14 (current_events.rules)
2835362 - ETPRO CURRENT_EVENTS MalDoc Requesting EXE Payload 2019-03-14 (current_events.rules)
2835400 - ETPRO TROJAN Win32/Emotet CnC Checkin (POST) M2 (trojan.rules)

[---]         Disabled rules:        [---]

2835356 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv2 (exploit.rules)
2835357 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2 (exploit.rules)

[---]         Removed rules:         [---]

2833802 - ETPRO TROJAN Win32/Remcos RAT Checkin 79 (trojan.rules)

Date: Sunday, March 17, 2019 - 22:00