Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/06/13

[***]            Summary:            [***]

8 new Open, 31 new Pro (8 + 23).  FIN8, Smoke CnC, Vools CnC, Various Phish.

[+++]          Added rules:          [+++]

Open:

2027463 - ET TROJAN Observed Malicious SSL Cert (FIN8 ShellTea CnC) (trojan.rules)
2027464 - ET TROJAN Observed Malicious SSL Cert (FIN8 ShellTea CnC) (trojan.rules)
2027465 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027466 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027467 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027468 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027469 - ET TROJAN FIN8 ShellTea CnC in DNS Lookup (trojan.rules)
2027470 - ET TROJAN Win32/Vools Variant CnC Checkin (trojan.rules)

Pro:

2836814 - ETPRO TROJAN Observed Malicious SSL Cert (Win32/CoinMiner.BW) (trojan.rules)
2836815 - ETPRO POLICY Observed Valve/Steam Client Keep-Alive Outbound (policy.rules)
2836816 - ETPRO TROJAN Unk.MalDoc CnC Activity (trojan.rules)
2836817 - ETPRO TROJAN Unk.MalDoc CnC Activity M2 (trojan.rules)
2836818 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2019-06-13 (current_events.rules)
2836819 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-06-13 (current_events.rules)
2836820 - ETPRO CURRENT_EVENTS Successful Banco Falabella Phish 2019-06-13 (current_events.rules)
2836821 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-06-13 (current_events.rules)
2836822 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-06-13 (current_events.rules)
2836823 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2019-06-13 (current_events.rules)
2836824 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-06-13 (current_events.rules)
2836825 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-13 (current_events.rules)
2836826 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-06-13 (current_events.rules)
2836827 - ETPRO CURRENT_EVENTS Successful Kiwi Bank Phish 2019-06-13 (current_events.rules)
2836828 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-06-13 (current_events.rules)
2836829 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-06-13 (current_events.rules)
2836830 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-06-13 (current_events.rules)
2836831 - ETPRO CURRENT_EVENTS Successful Microsoft Office Account Phish 2019-06-13 (current_events.rules)
2836832 - ETPRO CURRENT_EVENTS Successful Generic Download Payment Receipt Phish 2019-06-13 (current_events.rules)
2836833 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-13 1) (trojan.rules)
2836834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-13 2) (trojan.rules)
2836835 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-13 3) (trojan.rules)
2836836 - ETPRO TROJAN Sharik/Smoke CnC Beacon 14 (trojan.rules)

[///]     Modified active rules:     [///]

2022986 - ET TROJAN Likely Zbot Generic Request to gate.php Dotted-Quad (trojan.rules)
2027442 - ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149) (exploit.rules)
2836097 - ETPRO WEB_SPECIFIC_APPS Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_specific_apps.rules)
2836098 - ETPRO WEB_SPECIFIC_APPS Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_specific_apps.rules)
2836498 - ETPRO WEB_SPECIFIC_APPS Sonatype Nexus Repository Manager 3 - CVE-2019-7238 (web_specific_apps.rules)

Date:
Summary title:
8 new Open, 31 new Pro (8 + 23). FIN8, Smoke CnC, Vools CnC, Various Phish.