[***]            Summary:            [***]

18 new Open, 47 new Pro (18 + 29).  APT32, Godlua, Ratsnif, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027651 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup (trojan.rules)
2027652 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup (trojan.rules)
2027653 - ET TROJAN Win32/Unk HeavensGate Loader CnC in DNS Lookup (trojan.rules)
2027654 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
2027655 - ET TROJAN APT32 CnC in DNS Lookup (trojan.rules)
2027656 - ET TROJAN APT32 Win32/Ratsnif POSTing Log Message to CnC (trojan.rules)
2027657 - ET TROJAN APT32 Win32/Ratsnif Submitting Output of Command to CnC (trojan.rules)
2027658 - ET TROJAN APT32 Win32/Ratsnif Requesting Command from CnC (trojan.rules)
2027659 - ET TROJAN APT32 Win32/Ratsnif CnC Checkin (trojan.rules)
2027660 - ET TROJAN Win32/Remcos RAT Checkin 109 (trojan.rules)
2027661 - ET TROJAN Operation Tripoli Related CnC Checkin (trojan.rules)
2027662 - ET TROJAN Observed Godlua Backdoor Domain (helegedada .github .io in TLS SNI) (trojan.rules)
2027663 - ET TROJAN Observed Godlua Backdoor Domain (dd .heheda .tk in TLS SNI) (trojan.rules)
2027664 - ET TROJAN Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI) (trojan.rules)
2027665 - ET TROJAN Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI) (trojan.rules)
2027666 - ET TROJAN Observed Godlua Backdoor Domain (dd .cloudappconfig .com in TLS SNI) (trojan.rules)
2027667 - ET TROJAN Observed Godlua Backdoor Domain (d .cloudappconfig .com in TLS SNI) (trojan.rules)
2027668 - ET TROJAN Observed Godlua Backdoor Domain (c .cloudappconfig .com in TLS SNI) (trojan.rules)

Pro:

2837167 - ETPRO TROJAN Hancitor-fknmo Loader Checkin (trojan.rules)
2837168 - ETPRO TROJAN QCRAT CnC Activity (trojan.rules)
2837169 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-01) (current_events.rules)
2837170 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-01 2) (current_events.rules)
2837171 - ETPRO TROJAN SSL/TLS Certificate Observed (Cobalt) (trojan.rules)
2837172 - ETPRO CURRENT_EVENTS Successful HSBC FR Phish 2019-07-02 (current_events.rules)
2837173 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2019-07-02 (current_events.rules)
2837174 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-07-02 (current_events.rules)
2837175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-02 (current_events.rules)
2837176 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-07-02 (current_events.rules)
2837177 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-07-02 (current_events.rules)
2837178 - ETPRO CURRENT_EVENTS Successful Banco Original Phish 2019-07-02 (current_events.rules)
2837179 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-07-02 (current_events.rules)
2837180 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-02 (current_events.rules)
2837181 - ETPRO CURRENT_EVENTS Successful Magalu Phish 2019-07-02 (current_events.rules)
2837182 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 1) (trojan.rules)
2837183 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 2) (trojan.rules)
2837184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 3) (trojan.rules)
2837185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 4) (trojan.rules)
2837186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 5) (trojan.rules)
2837187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 6) (trojan.rules)
2837188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 7) (trojan.rules)
2837189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 8) (trojan.rules)
2837190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 9) (trojan.rules)
2837191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 10) (trojan.rules)
2837192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 11) (trojan.rules)
2837193 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-02 12) (trojan.rules)
2837194 - ETPRO INFO Outbound HTTP Request to Web4Africa VPS (info.rules)
2837195 - ETPRO TROJAN Observed Malicious SSL Cert (Variety Staging CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2836975 - ETPRO TROJAN AndroMut Checkin (trojan.rules)
2837093 - ETPRO TROJAN Inbound DDE PowerShell String - Likely MalDoc Related (trojan.rules)

Date: Monday, July 1, 2019 - 22:00