[***]            Summary:            [***]

12 new Open, 34 new Pro (12 + 22).  Muddywater, Canary Tokens, Various Remote Command Injection, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027450 - ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2019-3929) (exploit.rules)
2027451 - ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2019-3929) (exploit.rules)
2027452 - ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Outbound (exploit.rules)
2027453 - ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Inbound (exploit.rules)
2027454 - ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2018-7841) (exploit.rules)
2027455 - ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2018-7841) (exploit.rules)
2027456 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Outbound (exploit.rules)
2027457 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound (exploit.rules)
2027458 - ET EXPLOIT Geutebruck Attempted Remote Command Injection Outbound (exploit.rules)
2027459 - ET EXPLOIT Geutebruck Attempted Remote Command Injection Inbound (exploit.rules)
2027460 - ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Outbound (exploit.rules)
2027461 - ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Inbound (exploit.rules)

Pro:

2836771 - ETPRO POLICY External IP Address Lookup via www .ip138 .com (policy.rules)
2836772 - ETPRO POLICY Observed SSL Cert (External IP Address Lookup - ip2location .com) (policy.rules)
2836773 - ETPRO TROJAN Win32/Fuery.B CnC Activity (trojan.rules)
2836774 - ETPRO CURRENT_EVENTS Successful Telus Phish 2019-06-11 (current_events.rules)
2836775 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-06-11 (current_events.rules)
2836776 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-06-11 (current_events.rules)
2836777 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-06-11 (current_events.rules)
2836778 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-06-11 (current_events.rules)
2836779 - ETPRO CURRENT_EVENTS Successful 1&1 Ionos Phish 2019-06-11 (current_events.rules)
2836780 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish 2019-06-11 (current_events.rules)
2836781 - ETPRO CURRENT_EVENTS Successful Suntrust Phish 2019-06-11 (current_events.rules)
2836782 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-06-11 (current_events.rules)
2836783 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-06-11 (current_events.rules)
2836784 - ETPRO CURRENT_EVENTS Successful OTP Mobil Simplepay Phish 2019-06-11 (current_events.rules)
2836785 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-11 (current_events.rules)
2836786 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-06-11 (current_events.rules)
2836787 - ETPRO CURRENT_EVENTS Successful Dropobox Multiwebmail Phish 2019-06-11 (current_events.rules)
2836788 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-11 1) (trojan.rules)
2836789 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-11 2) (trojan.rules)
2836790 - ETPRO POLICY Observed SSL Cert (Canarytokens) (policy.rules)
2836791 - ETPRO POLICY Observed HTTP Request to Canary Token Service (policy.rules)
2836792 - ETPRO TROJAN DELPHSTATS/Muddywater 2nd Stage Downloader Activity (trojan.rules)

[///]     Modified active rules:     [///]

2836309 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2019-05-14 (current_events.rules)
2836743 - ETPRO TROJAN MuddyWaters PowerShell RAT Check-in (trojan.rules)
2836770 - ETPRO TROJAN Powerstats/Muddywater CnC 2nd Stage Activity M2 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2821018 - ETPRO TROJAN CryptXXX Jul 07 2016 request for key (trojan.rules)

Date: Monday, June 10, 2019 - 22:00