[***]            Summary:            [***]

7 new Open, 29 new Pro (7 + 22). Windows SCM DLL Hijack, Win32.Raccoon Stealer, Mirai stuff, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027232 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M1 (attack_response.rules)
2027233 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M2 (attack_response.rules)
2027234 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M1 (attack_response.rules)
2027235 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M2 (attack_response.rules)
2027236 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M3 (attack_response.rules)
2027237 - ET NETBIOS DCERPC SVCCTL - Remote Service Control Manager Access (netbios.rules)
2027238 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Script (UTF-16) Inbound via HTTP M3 (attack_response.rules)

Pro:

2835973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 1) (trojan.rules)
2835974 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 2) (trojan.rules)
2835975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 3) (trojan.rules)
2835976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-04-22 4) (trojan.rules)
2835977 - ETPRO TROJAN Win32.Raccoon Stealer Checkin (trojan.rules)
2835978 - ETPRO TROJAN Win32.Raccoon Stealer Password Exfil (trojan.rules)
2835979 - ETPRO TROJAN Unk.CoinMiner Requesting Inf (trojan.rules)
2835980 - ETPRO TROJAN ELF/Mirari Variant Momentum User-Agent (trojan.rules)
2835981 - ETPRO USER_AGENTS ELF/Mirari Variant Momentum User-Agent Observed Inbound (user_agents.rules)
2835982 - ETPRO TROJAN ELF/Mirai Variant TheEnd Botnet IRC Checkin (trojan.rules)
2835983 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-04-22 (current_events.rules)
2835984 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-04-22 (current_events.rules)
2835985 - ETPRO CURRENT_EVENTS Successful 1&1 Webhosting Phish 2019-04-22 (current_events.rules)
2835986 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-04-22 (current_events.rules)
2835987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-22 (current_events.rules)
2835988 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22 (current_events.rules)
2835989 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22 (current_events.rules)
2835990 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-04-22 (current_events.rules)
2835991 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-04-22 (current_events.rules)
2835992 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-04-22 (current_events.rules)
2835993 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2018-04-22 (current_events.rules)
2835994 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-04-22 (current_events.rules)

[///]     Modified active rules:     [///]

2026904 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (current_events.rules)

Date: Sunday, April 21, 2019 - 22:00