[***]            Summary:            [***]

4 new Open, 39 new Pro (4 + 35). SSL Cert (FIN7), Astaroth, MSIL/Kryptik.RIK, CVE-2019-1821, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027365 - ET TROJAN HTA.BabyShark Checkin (trojan.rules)
2027366 - ET TROJAN Mirai Variant Checkin Response (trojan.rules)
2027367 - ET DNS Query for Suspicious shell .now .sh Domain (dns.rules)
2027368 - ET WEB_SPECIFIC_APPS Cisco Prime Infrastruture RCE - CVE-2019-1821 (web_specific_apps.rules)

Pro:

2836372 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)
2836373 - ETPRO TROJAN FIN7 GRIFFON CnC Domain in DNS Lookup (trojan.rules)
2836374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-20 1) (trojan.rules)
2836375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-20 2) (trojan.rules)
2836376 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-20 3) (trojan.rules)
2836377 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-20 4) (trojan.rules)
2836378 - ETPRO TROJAN Zipped LNK Download - Likely Astaroth (trojan.rules)
2836379 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-05-20 (current_events.rules)
2836380 - ETPRO CURRENT_EVENTS Successful UniCredit Bank Phish 2019-05-20 (current_events.rules)
2836381 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2019-05-20 (current_events.rules)
2836382 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-20 (current_events.rules)
2836383 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-05-20 (current_events.rules)
2836384 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-05-20 (current_events.rules)
2836385 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-05-20 (current_events.rules)
2836386 - ETPRO CURRENT_EVENTS Successful Verified by VISA Phish 2019-05-20 (current_events.rules)
2836387 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-05-20 (current_events.rules)
2836388 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-05-20 (current_events.rules)
2836389 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-05-20 (current_events.rules)
2836390 - ETPRO CURRENT_EVENTS Successful Bethpage Federal Credit Union Phish 2019-05-20 (current_events.rules)
2836391 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-05-20 (current_events.rules)
2836392 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-05-20 (current_events.rules)
2836393 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-20 (current_events.rules)
2836394 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-05-20 (current_events.rules)
2836395 - ETPRO CURRENT_EVENTS Successful TCF Bank Phish 2019-05-20 (current_events.rules)
2836396 - ETPRO CURRENT_EVENTS Successful TCF Bank Phish 2019-05-20 (current_events.rules)
2836397 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-05-20 (current_events.rules)
2836398 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-05-20 (current_events.rules)
2836399 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2019-05-20 (current_events.rules)
2836400 - ETPRO CURRENT_EVENTS Possible SilentLibrarian University Phishing Landing M1 2019-05-20 (current_events.rules)
2836401 - ETPRO CURRENT_EVENTS Possible SilentLibrarian University Phishing Landing M2 2019-05-20 (current_events.rules)
2836402 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
2836403 - ETPRO TROJAN MSIL/Kryptik.RIK CnC Checkin (trojan.rules)
2836404 - ETPRO TROJAN Unusual Content-Type (urlenc1oded) on Post (trojan.rules)
2836405 - ETPRO USER_AGENTS Invalid Mac OS X User-Agent (Mac OS X x.y) (user_agents.rules)
2836406 - ETPRO TROJAN MSIL/Agent.BSY Variant Initial Check-in (trojan.rules)

[///]     Modified active rules:     [///]

2026859 - ET TROJAN Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC) (trojan.rules)
2027298 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2835266 - ETPRO MOBILE_MALWARE Observed Malicious SSL Cert (DonotGroup Android CnC) (mobile_malware.rules)
2836062 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 GRIFFON CnC) (trojan.rules)
2836129 - ETPRO TROJAN Observed Malicious SSL Cert (Possible DonotGroup CnC) (trojan.rules)

Date: Sunday, May 19, 2019 - 22:00