[***]            Summary:            [***]

2 new Open, 21 new Pro (2 + 19). Win32/Nitol.DDoS Variant, Skull Stealer, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027372 - ET POLICY External IP Lookup - iplocation .truevue .org (policy.rules)
2027373 - ET POLICY Observed DNS Query to External IP Lookup Domain (iplocation .truevue .org) (policy.rules)

Pro:

2836429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-22 1) (trojan.rules)
2836430 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-22 2) (trojan.rules)
2836431 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-05-22) (current_events.rules)
2836432 - ETPRO TROJAN Win32/Nitol.DDoS Variant CnC Checkin (trojan.rules)
2836433 - ETPRO TROJAN Win32/Unk.Various Service Bruter CnC Activity (trojan.rules)
2836434 - ETPRO TROJAN ELF/Unk.Various Service Bruter CnC Checkin (trojan.rules)
2836435 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-05-22 (current_events.rules)
2836436 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-22 (current_events.rules)
2836437 - ETPRO CURRENT_EVENTS Successful Vat-Unionbank Phish 2019-05-22 (current_events.rules)
2836438 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-22 (current_events.rules)
2836439 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-22 (current_events.rules)
2836440 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-05-22 (current_events.rules)
2836441 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-05-22 (current_events.rules)
2836442 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-05-22 (current_events.rules)
2836443 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-05-22 (current_events.rules)
2836444 - ETPRO CURRENT_EVENTS Successful Aruba.it Webmail Phish 2019-05-22 (current_events.rules)
2836445 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-05-22 (current_events.rules)
2836446 - ETPRO CURRENT_EVENTS Successful Generic Email Deactivation Phish 2019-05-22 (current_events.rules)
2836448 - ETPRO TROJAN Skull Stealer Exfil via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

2014380 - ET POLICY HTTP POST invalid method case outbound (policy.rules)
2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
2018452 - ET TROJAN CryptoWall Check-in (trojan.rules)
2018496 - ET TROJAN Win32/Geodo Checkin (trojan.rules)
2018958 - ET TROJAN Worm.Win32.Vobfus Checkin 3 (trojan.rules)
2018981 - ET TROJAN Probable OneLouder downloader (Zeus P2P) (trojan.rules)
2018983 - ET TROJAN Probable OneLouder downloader (Zeus P2P) (trojan.rules)
2019344 - ET CURRENT_EVENTS FAKEIE Minimal Headers (flowbit set) (current_events.rules)
2019728 - ET WEB_SPECIFIC_APPS Wordpress Slideshow Gallery 1.4.6 - Shell Upload (web_specific_apps.rules)
2019881 - ET TROJAN Chthonic Check-in (trojan.rules)
2022609 - ET TROJAN Panda Banker CnC (trojan.rules)
2026461 - ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M3 (current_events.rules)
2027370 - ET TROJAN Suspected ExtraPulsar Backdoor (trojan.rules)
2804626 - ETPRO MALWARE Rogue.Win32/FakeRean Checkin (malware.rules)
2809859 - ETPRO TROJAN Win32/Injector.BUVU CnC Beacon (trojan.rules)
2815817 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Jan 14 M1 (current_events.rules)
2816356 - ETPRO TROJAN W32/Carbanak.A CnC Beacon (trojan.rules)
2816895 - ETPRO CURRENT_EVENTS Possible Nuclear EK Payload URI Struct Apr 04 (current_events.rules)
2816909 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr 05 M1 (current_events.rules)
2816910 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash URI Struct Apr 05 M1 (current_events.rules)
2821615 - ETPRO CURRENT_EVENTS Possible MalDoc Download Request (set) (current_events.rules)
2828060 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)

[---]  Disabled and modified rules:  [---]

2020865 - ET CURRENT_EVENTS Nuclear EK Landing Apr 08 2015 (current_events.rules)
2806357 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)

[---]         Disabled rules:        [---]

2828865 - ETPRO WEB_CLIENT MS IE 11 OOB Write Vulnerability (CVE-2017-11907) (web_client.rules)

Date: 
Tuesday, May 21, 2019 - 22:00
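Added example (not part of this notice and not Emerging Threats tooling): a parser for the "SID - msg (file)" change list above that checks the summary line against the listed rules, flags SIDs whose range disagrees with the ET/ETPRO prefix in the msg, and emits the vendor-disabled SIDs in the one-SID-per-line form suricata-update reads from disable.conf. The embedded sample is a constructed subset of this notice's lines with the summary line adjusted to match that subset; the SID ranges used for the tier check (ET Open 2000000-2099999, ETPRO 2800000-2899999) are assumed from the published ET allocation.

```python
import re

# Constructed sample: a subset of the rule lines from this update notice, with the
# summary count rewritten to match the subset (2 Open + 2 Pro-only = 4 Pro).
SAMPLE = """\
[***]            Summary:            [***]

2 new Open, 4 new Pro (2 + 2). Win32/Nitol.DDoS Variant, Skull Stealer.

[+++]          Added rules:          [+++]

Open:

2027372 - ET POLICY External IP Lookup - iplocation .truevue .org (policy.rules)
2027373 - ET POLICY Observed DNS Query to External IP Lookup Domain (iplocation .truevue .org) (policy.rules)

Pro:

2836429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-22 1) (trojan.rules)
2836448 - ETPRO TROJAN Skull Stealer Exfil via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

2018452 - ET TROJAN CryptoWall Check-in (trojan.rules)

[---]  Disabled and modified rules:  [---]

2020865 - ET CURRENT_EVENTS Nuclear EK Landing Apr 08 2015 (current_events.rules)

[---]         Disabled rules:        [---]

2828865 - ETPRO WEB_CLIENT MS IE 11 OOB Write Vulnerability (CVE-2017-11907) (web_client.rules)
"""

BANNER = re.compile(r"^\[(?:\*{3}|\+{3}|/{3}|-{3})\]\s+(.+?):\s+\[(?:\*{3}|\+{3}|/{3}|-{3})\]$")
TIER_LINE = re.compile(r"^(Open|Pro):$")
SUMMARY = re.compile(r"(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)")
# msg may itself contain parentheses; the trailing "(x.rules)" anchors the file name.
RULE_LINE = re.compile(r"^(\d+) - (.+) \(([\w.]+\.rules)\)$")

# Assumed SID allocation: ET Open rules in 2000000-2099999, ETPRO in 2800000-2899999.
ETPRO_RANGE = range(2800000, 2900000)


def parse_notice(text):
    """Return {"summary": (open, pro, open, pro_only) or None,
               "sections": {section: {tier: [(sid, msg, file), ...]}}}.
    Tier is the Open:/Pro: sub-heading where the notice gives one (Added rules);
    elsewhere it is derived from the msg prefix ("ETPRO " is Pro, "ET " is Open)."""
    sections, section, tier, summary = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := BANNER.match(line)):
            section, tier = m.group(1), None
            sections.setdefault(section, {})
        elif (m := TIER_LINE.match(line)):
            tier = m.group(1)
        elif section == "Summary" and (m := SUMMARY.search(line)):
            summary = tuple(int(x) for x in m.groups())
        elif section and (m := RULE_LINE.match(line)):
            sid, msg, rfile = int(m.group(1)), m.group(2), m.group(3)
            t = tier or ("Pro" if msg.startswith("ETPRO ") else "Open")
            sections[section].setdefault(t, []).append((sid, msg, rfile))
    return {"summary": summary, "sections": sections}


def added_counts(notice):
    """(open, pro_total, pro_only). ET's Pro total includes the Open rules,
    which is why the notice writes e.g. '21 new Pro (2 + 19)'."""
    added = notice["sections"].get("Added rules", {})
    n_open, n_pro_only = len(added.get("Open", [])), len(added.get("Pro", []))
    return n_open, n_open + n_pro_only, n_pro_only


def summary_consistent(notice):
    """True when the summary line agrees with the rules actually listed."""
    s = notice["summary"]
    if s is None:
        return False
    n_open, n_pro, n_pro_only = added_counts(notice)
    return s == (n_open, n_pro, n_open, n_pro_only)


def tier_mismatches(notice):
    """SIDs whose numeric range disagrees with the ET/ETPRO prefix of their msg."""
    bad = []
    for tiers in notice["sections"].values():
        for rules in tiers.values():
            for sid, msg, _ in rules:
                if msg.startswith("ETPRO ") != (sid in ETPRO_RANGE):
                    bad.append(sid)
    return bad


def disable_conf(notice):
    """disable.conf lines for every rule the vendor disabled: a '#' comment
    carrying the msg, then the bare SID on its own line."""
    out = []
    for sec in ("Disabled and modified rules", "Disabled rules"):
        for rules in notice["sections"].get(sec, {}).values():
            for sid, msg, rfile in rules:
                out.append(f"# {msg} ({rfile})")
                out.append(str(sid))
    return out


if __name__ == "__main__":
    n = parse_notice(SAMPLE)
    print("summary consistent:", summary_consistent(n), added_counts(n))
    print("tier mismatches:", tier_mismatches(n))
    print("\n".join(disable_conf(n)))
```

Run against the real notice text, summary_consistent reports whether the advertised counts match the listed SIDs before the update is rolled out, and the disable_conf output can be appended to a local disable.conf so a sensor that pins an older ruleset still drops the rules the vendor retired.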