Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/07/09

[***]            Summary:            [***]

2 new Open, 27 new Pro (2 + 25).  Smokeloader, Doney, Ursnif, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027694 - ET MALWARE Observed OSX/PremierOpinionD Collection Domain in TLS SNI (malware.rules)
2027695 - ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI) (policy.rules)

Pro:

2837329 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Ewind.jg GPS/Device Info Exfil (mobile_malware.rules)
2837330 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI (trojan.rules)
2837331 - ETPRO TROJAN Win32/Unk.Doney CnC Checkin (trojan.rules)
2837332 - ETPRO TROJAN Win32/Unk.Doney CnC Keep-Alive (trojan.rules)
2837333 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-07-09 (current_events.rules)
2837334 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-07-09 (current_events.rules)
2837335 - ETPRO CURRENT_EVENTS Successful Banco do Brazil Phish 2019-07-09 (current_events.rules)
2837336 - ETPRO CURRENT_EVENTS Successful Banco do Brazil Phish 2019-07-09 (current_events.rules)
2837337 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-07-09 (current_events.rules)
2837338 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-07-09 (current_events.rules)
2837339 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-09 (current_events.rules)
2837340 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-09 (current_events.rules)
2837341 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-07-09 (current_events.rules)
2837342 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-09 (current_events.rules)
2837343 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-09 1) (trojan.rules)
2837344 - ETPRO CURRENT_EVENTS Successful Banco Galicia Phish 2019-07-09 (current_events.rules)
2837345 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2019-07-09 (current_events.rules)
2837346 - ETPRO CURRENT_EVENTS Successful SF Express Phish 2019-07-09 (current_events.rules)
2837347 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-07-09 (current_events.rules)
2837348 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-09 (current_events.rules)
2837349 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-09 (current_events.rules)
2837350 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-09 (current_events.rules)
2837351 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-07-09 (current_events.rules)
2837352 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-07-09 (current_events.rules)
2837353 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 15 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2022868 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules)

Date:
Summary title:
2 new Open, 27 new Pro (2 + 25). Smokeloader, Doney, Ursnif, Various Phish.