[***] Summary: [***]
11 new Open, 52 new Pro (11 + 41). MuddyWater, Ursnif, TRIPLESHOT, Win32/Hirina, Various DNS.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2027678 - ET TROJAN Known Malicious Server in DNS Lookup (updatecache .com) (trojan.rules)
2027679 - ET CURRENT_EVENTS Successful France Ministry of Action and Public Accounts Phish 2019-07-04 (current_events.rules)
2027680 - ET CURRENT_EVENTS France Ministry of Action and Public Accounts Phish Landing (current_events.rules)
2027681 - ET TROJAN MuddyWater Payload Sending Screenshot to CnC (trojan.rules)
2027682 - ET TROJAN MuddyWater Payload Sending Command Output to CnC (trojan.rules)
2027683 - ET TROJAN MuddyWater Payload Registering with CnC (trojan.rules)
2027684 - ET TROJAN MuddyWater Payload Requesting Command from CnC (trojan.rules)
2027685 - ET TROJAN MuddyWater Payload CnC Checkin (trojan.rules)
2027686 - ET USER_AGENTS Suspicious Custom Firefox UA Observed (Firefox...) (user_agents.rules)
2027687 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2027688 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
Pro:
2837235 - ETPRO CURRENT_EVENTS Suspicious Base64 Encoded ZIP Concat Technique in Batch Inbound (current_events.rules)
2837236 - ETPRO CURRENT_EVENTS Suspicious Base64 Encoded EXE Concat Technique in Batch Inbound (current_events.rules)
2837237 - ETPRO MOBILE_MALWARE Android/SmsReg.ZI CnC Response (mobile_malware.rules)
2837238 - ETPRO MALWARE Win32/DownloadAssistant.G Variant Checkin (malware.rules)
2837239 - ETPRO MALWARE Win32/OxyPumper Adware CnC Checkin (malware.rules)
2837240 - ETPRO INFO Suspicious HTTP 448 Response (info.rules)
2837241 - ETPRO MALWARE Win32/OxyPumper Adware Related Header Observed (malware.rules)
2837242 - ETPRO MALWARE Win32/OxyPumper Adware Related Header Observed (malware.rules)
2837243 - ETPRO USER_AGENTS Win32/OxyPumper Adware Related User-Agent Observed (user_agents.rules)
2837244 - ETPRO TROJAN Observed Malicious SSL Cert (Coinminer JS Host) (trojan.rules)
2837245 - ETPRO MALWARE Win32/Vopak Adware CnC Checkin (malware.rules)
2837246 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
2837247 - ETPRO POLICY Observed SSL Cert (Torrent Tracker) (policy.rules)
2837248 - ETPRO TROJAN Win32/Hirina Loader CnC Checkin (trojan.rules)
2837249 - ETPRO TROJAN Win32/Remcos RAT Checkin 110 (trojan.rules)
2837250 - ETPRO MALWARE Win32/InstallCore.Gen.A Requesting Install Files (FlvPlayerSilent) (malware.rules)
2837251 - ETPRO MALWARE Win32 SoftwareBundler Reporting to CnC (malware.rules)
2837252 - ETPRO MALWARE Observed SSL Cert (Chistilka PUA) (malware.rules)
2837253 - ETPRO TROJAN PS/AveCaesar Stealer CnC in DNS Lookup (trojan.rules)
2837254 - ETPRO TROJAN Possible PS/AveCaesar Stage 2 Stealer Inbound (trojan.rules)
2837255 - ETPRO TROJAN PS/AveCaesar CnC Checkin (trojan.rules)
2837256 - ETPRO TROJAN PowerShell Coinminer Downloader Inbound (trojan.rules)
2837257 - ETPRO TROJAN Win32/Inno5Head CnC Checkin (trojan.rules)
2837258 - ETPRO TROJAN Win32/Inno5Head Dead CnC Response (trojan.rules)
2837259 - ETPRO TROJAN SILENTTRINITY PowerShell Stage 1 Reflective Loader Inbound M1 (trojan.rules)
2837260 - ETPRO TROJAN SILENTTRINITY PowerShell Stage 1 Reflective Loader Inbound M2 (trojan.rules)
2837261 - ETPRO TROJAN Win32/PsDownload.DFY CnC Checkin (trojan.rules)
2837262 - ETPRO TROJAN Win32/PsDownload.DFY Requesting Stage 2 Payload (trojan.rules)
2837263 - ETPRO CURRENT_EVENTS PowerShell Registry Reflective Loader Inbound (current_events.rules)
2837264 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2837265 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837266 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837267 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837268 - ETPRO TROJAN Possible TRIPLESHOT CnC in DNS Query (trojan.rules)
2837269 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837270 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837271 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837272 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837273 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837274 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
2837275 - ETPRO TROJAN TRIPLESHOT CnC in DNS Query (trojan.rules)
[///] Modified active rules: [///]
2836402 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
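As an added example (not ET's code; the changelog above does not carry the rule bodies), the script below parses a changelog in this format, confirms that the header's "N new Open, M new Pro (N + K)" counts agree with the sids actually listed, flags sids that break ascending order, and turns the defanged domain in a "DNS Lookup (...)" rule name into the DNS wire-format label sequence rendered in Suricata content syntax. The sample changelog embedded in it is constructed: a few lines abridged from this update with the header counts adjusted to match. The content-match string it produces illustrates how a raw-payload DNS name match is written, not the actual text of sid 2027678.

```python
import re

# Constructed sample: lines abridged from this update, header counts adjusted to match.
SAMPLE = """\
[***] Summary: [***]
2 new Open, 4 new Pro (2 + 2). MuddyWater, Various DNS.
[+++] Added rules: [+++]
Open:
2027678 - ET TROJAN Known Malicious Server in DNS Lookup (updatecache .com) (trojan.rules)
2027685 - ET TROJAN MuddyWater Payload CnC Checkin (trojan.rules)
Pro:
2837253 - ETPRO TROJAN PS/AveCaesar Stealer CnC in DNS Lookup (trojan.rules)
2837252 - ETPRO MALWARE Observed SSL Cert (Chistilka PUA) (malware.rules)
[///] Modified active rules: [///]
2836402 - ETPRO MALWARE ElementsBrowser PUA Checkin (malware.rules)
"""
RULE_RE = re.compile(
    r"^(?P<sid>\d+) - (?P<prefix>ET|ETPRO) (?P<cat>[A-Z_]+) (?P<msg>.+) \((?P<file>[a-z_]+\.rules)\)$"
)
SUMMARY_RE = re.compile(r"(?P<open>\d+) new Open, (?P<pro>\d+) new Pro \((?P<o>\d+) \+ (?P<p>\d+)\)")
DNS_DOMAIN_RE = re.compile(r"DNS (?:Lookup|Query) \(([^)]+)\)")


def parse_changelog(text):
    """Split the changelog into summary counts, added rules per tier, and modified rules."""
    out = {"summary": None, "added": {"Open": [], "Pro": []}, "modified": []}
    section = tier = None
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.search(line)
        if m:
            out["summary"] = {k: int(v) for k, v in m.groupdict().items()}
        elif line.startswith("[+++]"):
            section = "added"
        elif line.startswith("[///]"):
            section = "modified"
        elif line in ("Open:", "Pro:"):
            tier = line[:-1]
        elif (m := RULE_RE.match(line)):
            rule = m.groupdict()
            rule["sid"] = int(rule["sid"])
            if section == "added" and tier:
                out["added"][tier].append(rule)
            elif section == "modified":
                out["modified"].append(rule)
    return out


def check_summary(parsed):
    """List discrepancies between header and body. ET's "N new Open, M new Pro (N + K)"
    means Pro subscribers get the N Open rules plus K Pro-only rules, so M must be N + K."""
    s = parsed["summary"]
    if s is None:
        return ["no summary line found"]
    n_open, n_pro_only = len(parsed["added"]["Open"]), len(parsed["added"]["Pro"])
    problems = []
    if s["open"] != n_open:
        problems.append(f"summary says {s['open']} Open, body lists {n_open}")
    if s["pro"] != n_open + n_pro_only or (s["o"], s["p"]) != (n_open, n_pro_only):
        problems.append(f"summary says {s['pro']} Pro ({s['o']} + {s['p']}), body lists {n_open} + {n_pro_only}")
    return problems


def out_of_order_sids(rules):
    """Pairs (previous, current) where the sid sequence stops ascending."""
    return [(a["sid"], b["sid"]) for a, b in zip(rules, rules[1:]) if b["sid"] < a["sid"]]


def refang(domain):
    """Undo the usual defanging styles: 'evil .com', 'evil[.]com', 'evil(.)com'."""
    return re.sub(r"\s*(?:\[\.\]|\(\.\)|\s\.)\s*", ".", domain).strip()


def dns_wire_name(domain):
    """Encode a hostname as DNS wire labels: length-prefixed, NUL-terminated."""
    wire = b""
    for label in domain.strip(".").lower().split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def suricata_content(wire):
    """Render bytes in Suricata content syntax: ASCII alphanumeric runs literal, the rest as |hex|."""
    parts, hexrun = [], []
    for b in wire:
        if b < 128 and (chr(b).isalnum() or b in b"-_"):
            if hexrun:
                parts.append("|" + " ".join(hexrun) + "|")
                hexrun = []
            parts.append(chr(b))
        else:
            hexrun.append(f"{b:02x}")
    if hexrun:
        parts.append("|" + " ".join(hexrun) + "|")
    return "".join(parts)


def dns_lookup_indicators(parsed):
    """(sid, domain, content-match) for every added DNS-lookup rule that names its domain."""
    found = []
    for r in parsed["added"]["Open"] + parsed["added"]["Pro"]:
        m = DNS_DOMAIN_RE.search(r["msg"])
        if m:
            domain = refang(m.group(1))
            found.append((r["sid"], domain, suricata_content(dns_wire_name(domain))))
    return found
```

The wire-label form (|0b|updatecache|03|com|00|) is what a match against the raw DNS payload needs, and such matches are normally written with nocase because label case on the wire is not fixed; on a Suricata build with the dns.query sticky buffer you match the decoded name "updatecache.com" directly instead. Run check_summary over a full changelog (the 11 + 41 = 52 of this update) before loading it, and treat a non-empty result as a reason to inspect the download rather than a cosmetic issue.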