Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/07/03

[***]            Summary:            [***]

9 new Open, 48 new Pro (9 + 38).  APT34, Godlua, Android.Hiddad.FCD, Various SSL/TLS, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027669 - ET TROJAN Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020 .cf in TLS SNI) (trojan.rules)
2027670 - ET TROJAN Observed Malicious SSL Cert (Turla/APT34 CnC Domain) (trojan.rules)
2027671 - ET POLICY Cloudflare DNS Over HTTPS Certificate Inbound (policy.rules)
2027672 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Jun 2019- Dec 2019) (set) (trojan.rules)
2027673 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Dec 2019- Jul 2020) (set) (trojan.rules)
2027674 - ET TROJAN Godlua Backdoor Stage-3 Client Heartbeat (Jul 2020- Jan 2021) (set) (trojan.rules)
2027675 - ET TROJAN Godlua Backdoor Stage-3 Server Heartbeat Reply (Jun 2019 - Sep 2020) (trojan.rules)
2027676 - ET TROJAN Godlua Backdoor Stage-3 Server Heartbeat Reply (Sep 2020 - Nov 2023) (trojan.rules)
2027677 - ET TROJAN Godlua Backdoor Downloading Encrypted Lua (trojan.rules)

Pro:

2837196 - ETPRO MOBILE_MALWARE Android/Hiddad.FCD Checkin 2 (mobile_malware.rules)
2837197 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilVBS DL 2019-07-03) (current_events.rules)
2837198 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837199 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-07-03) (current_events.rules)
2837200 - ETPRO CURRENT_EVENTS Successful Argenta Phish 2019-07-03 (current_events.rules)
2837201 - ETPRO CURRENT_EVENTS Successful Generic T.Goe Phish 2019-07-03 (current_events.rules)
2837202 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish 2019-07-03 (current_events.rules)
2837203 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-07-03 (current_events.rules)
2837204 - ETPRO CURRENT_EVENTS Successful Paypal DE Phish 2019-07-03 (current_events.rules)
2837205 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-03 (current_events.rules)
2837206 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-07-03 (current_events.rules)
2837207 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-07-03 (current_events.rules)
2837208 - ETPRO CURRENT_EVENTS Successful Banco Nacional Phish 2019-07-03 (current_events.rules)
2837209 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837210 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837211 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-07-03 (current_events.rules)
2837212 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837213 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-07-03 (current_events.rules)
2837214 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837215 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-03 (current_events.rules)
2837216 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837217 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-07-03 (current_events.rules)
2837218 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-03 (current_events.rules)
2837219 - ETPRO MALWARE InstallPortal Glority User-Agent (malware.rules)
2837220 - ETPRO MALWARE PPI Download Assistant User-Agent (malware.rules)
2837221 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-03 1) (trojan.rules)
2837222 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-03 2) (trojan.rules)
2837223 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-03 3) (trojan.rules)
2837224 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-03 4) (trojan.rules)
2837225 - ETPRO TROJAN Win32/AgentBypass Variant Check-in (trojan.rules)
2837226 - ETPRO TROJAN PowerPho Powershell Activity M1 (trojan.rules)
2837227 - ETPRO TROJAN PowerPho Powershell Activity M2 (trojan.rules)
2837228 - ETPRO EXPLOIT Unk JSP WebShell - Possible Upload M1 (exploit.rules)
2837229 - ETPRO EXPLOIT Unk JSP WebShell - Possible Upload M2 (exploit.rules)
2837230 - ETPRO TROJAN Possible Unk JSP WebShell Access M1 (trojan.rules)
2837231 - ETPRO TROJAN Possible Unk JSP WebShell Access M2 (trojan.rules)
2837232 - ETPRO TROJAN Possible Unk JSP WebShell Access M3 (trojan.rules)
2837233 - ETPRO TROJAN Possible Unk JSP WebShell Access M4 (trojan.rules)
2837234 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2816720 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.V Checkin (mobile_malware.rules)

Date:
Summary title:
9 new Open, 48 new Pro (9 + 38). APT34, Godlua, Android.Hiddad.FCD, Various SSL/TLS, Various Phish.