Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/06/17

[***]            Summary:            [***]

7 new Open, 42 new Pro (7 + 35). TrustViewer, DCRS/DarkCrystal, Asustor NAS, ASUS N300, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027479 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (trojan.rules)
2027480 - ET TROJAN Chafer Win32/TREKX Uploading to CnC (Modified CAB) (trojan.rules)
2027481 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027482 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027483 - ET TROJAN Chafer CnC Domain in DNS Lookup (trojan.rules)
2027484 - ET USER_AGENTS Suspicious UA Observed (YourUserAgent) (user_agents.rules)
2027485 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

Pro:

2836860 - ETPRO TROJAN Win32/Unk.SEE_N02 CnC Keep-Alive (Outbound) (trojan.rules)
2836862 - ETPRO TROJAN ELF/HITTA Bot CnC Checkin (trojan.rules)
2836863 - ETPRO TROJAN ELF/HITTA Bot Infection Status Inbound (trojan.rules)
2836864 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-06-17) (current_events.rules)
2836865 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-17 (current_events.rules)
2836866 - ETPRO CURRENT_EVENTS Successful Virgin Money Phish 2019-06-17 (current_events.rules)
2836867 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-06-17 (current_events.rules)
2836868 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-06-17 (current_events.rules)
2836869 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-06-17 (current_events.rules)
2836870 - ETPRO CURRENT_EVENTS Successful LandesBank Berlin Phish 2019-06-17 (current_events.rules)
2836871 - ETPRO CURRENT_EVENTS Successful Generic Multiwebmail Phish 2019-06-17 (current_events.rules)
2836872 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-06-17 (current_events.rules)
2836873 - ETPRO CURRENT_EVENTS Successful Generic SSN Phish 2019-06-17 (current_events.rules)
2836874 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-06-17 (current_events.rules)
2836875 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-17 (current_events.rules)
2836876 - ETPRO CURRENT_EVENTS Successful Generic Facebook Phish 2019-06-17 (current_events.rules)
2836877 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-06-17 (current_events.rules)
2836878 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-06-17 (current_events.rules)
2836879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 1) (trojan.rules)
2836880 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 2) (trojan.rules)
2836881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 3) (trojan.rules)
2836882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 4) (trojan.rules)
2836883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 5) (trojan.rules)
2836884 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 6) (trojan.rules)
2836885 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-17 7) (trojan.rules)
2836886 - ETPRO POLICY TrustViewer Remote Access Initial Response (policy.rules)
2836887 - ETPRO POLICY TrustViewer Remote Access Request (policy.rules)
2836888 - ETPRO MOBILE_MALWARE Android/RogueUrl PUA Checkin (mobile_malware.rules)
2836889 - ETPRO TROJAN MSIL/Agent.SZ CnC checkin (trojan.rules)
2836890 - ETPRO TROJAN Observed Malicious SSL Cert (DCRS/DarkCrystal RAT CnC) (trojan.rules)
2836891 - ETPRO TROJAN DCRS/DarkCrystal RAT Requesting Additional Modules (trojan.rules)
2836892 - ETPRO EXPLOIT Asustor NAS Appliance Unauthenticated OS Command Injection Inbound (CVE-2018-11510) (exploit.rules)
2836893 - ETPRO EXPLOIT Asustor NAS appliance Unauthenticated OS Command Injection Outbound (CVE-2018-11510) (exploit.rules)
2836894 - ETPRO EXPLOIT ASUS Wireless-N300 ADSL Modem Router Authenticated Remote Command Execution Inbound (CVE-2018-15887) (exploit.rules)
2836895 - ETPRO EXPLOIT ASUS Wireless-N300 ADSL Modem Router Authenticated Remote Command Execution Outbound (CVE-2018-15887) (exploit.rules)

[///]     Modified active rules:     [///]

2834306 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-01-09 (current_events.rules)
2836787 - ETPRO CURRENT_EVENTS Successful Dropbox Multiwebmail Phish 2019-06-11


[---]  Disabled and modified rules:  [---]

2835770 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-07 (current_events.rules)
2835771 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-04-07 (current_events.rules)

Date:
Summary title:
7 new Open, 42 new Pro (7 + 35). TrustViewer, DCRS/DarkCrystal, Asustor NAS, ASUS N300, Various Phishing.