Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/06/27

[***]            Summary:            [***]

55 new Open, 88 new Pro (55 + 33). Gift Cardshark, Inbound DDE PowerShell String, Embedded .wmf RTF Downloader,  Win32/Remcos RAT Checkin 100(!), Various Phishing.

Please share issues, feedback, and requests at: https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027567 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027568 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027569 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027570 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027571 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027572 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027573 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027574 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027575 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027576 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027577 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027578 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027579 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027580 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027581 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027582 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027583 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027584 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027585 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027586 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027587 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027588 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027589 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027590 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027591 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027592 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027593 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027594 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027595 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027596 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027597 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027598 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027599 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027600 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027601 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027602 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027603 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027604 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027605 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027606 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027607 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027608 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027609 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027610 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027611 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027612 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027613 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027614 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027615 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027616 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027617 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027618 - ET TROJAN Gift Cardshark CnC Domain in DNS Lookup (trojan.rules)
2027619 - ET TROJAN Observed Malicious SSL Cert (Quasar CnC) (trojan.rules)
2027620 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2027621 - ET INFO SSL/TLS Certificate Observed (Lucy Phishing Awareness Default Certificate) (info.rules)

Pro:

2837092 - ETPRO TROJAN Win32/Various Unusual POST to ip-api .com (trojan.rules)
2837093 - ETPRO TROJAN Inbound DDE PowerShell String - Likely MalDoc Related (trojan.rules)
2837094 - ETPRO CURRENT_EVENTS Successful Bet365 Phish 2019-06-27 (current_events.rules)
2837095 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-27 (current_events.rules)
2837096 - ETPRO TROJAN Embedded .wmf RTF Downloader with Minimal Headers (trojan.rules)
2837097 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-27 (current_events.rules)
2837098 - ETPRO CURRENT_EVENTS Successful Standard Chartered Phish 2019-06-27 (current_events.rules)
2837099 - ETPRO CURRENT_EVENTS Successful Adobe ID Phish 2019-06-27 (current_events.rules)
2837100 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-06-27 (current_events.rules)
2837101 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-27 1) (trojan.rules)
2837102 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-27 2) (trojan.rules)
2837103 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-27 3) (trojan.rules)
2837104 - ETPRO CURRENT_EVENTS Successful AT&T Global Logon Phish 2019-06-27 (current_events.rules)
2837105 - ETPRO CURRENT_EVENTS Successful Netflix BR Phish 2019-06-27 (current_events.rules)
2837106 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-06-27 (current_events.rules)
2837107 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-06-27 (current_events.rules)
2837108 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837109 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837110 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837111 - ETPRO TROJAN PsiXBot CnC in DNS Lookup (trojan.rules)
2837112 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2837113 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2837114 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2837115 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2837116 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837117 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2837118 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2837119 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2837120 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2837121 - ETPRO TROJAN Win32/Remcos RAT Checkin 100 (trojan.rules)

[///]     Modified active rules:     [///]

2018283 - ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)
2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)
2837086 - ETPRO TROJAN Likely Evil - ScreenConnect Remote Admin Session Startup to DynDNS Host (trojan.rules)

Date:
Summary title:
55 new Open, 88 new Pro (55 + 33). Gift Cardshark, Inbound DDE PowerShell String, Embedded .wmf RTF Downloader, Win32/Remcos RAT Checkin 100(!), Various Phishing.