Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/07/15

[***]            Summary:            [***]

5 new Open, 33 new Pro (5 + 28). Atlassian Jira CVE-2019-11581, APT Sarhurst/Husar/Hussarini/Hassar, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027707 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Check Response (trojan.rules)
2027708 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Command Response (trojan.rules)
2027709 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST (trojan.rules)
2027710 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET (trojan.rules)
2027711 - ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE (CVE-2019-11581) (web_specific_apps.rules)

Pro:

2837496 - ETPRO POLICY External IP Address Lookup via uc .cn (policy.rules)
2837497 - ETPRO POLICY Empty User-Agent Header (policy.rules)
2837498 - ETPRO MALWARE Win32/Spddubi Checking in System Information (malware.rules)
2837499 - ETPRO CURRENT_EVENTS Successful Generic Webmail Session Expired Phish 2019-07-15 (current_events.rules)
2837500 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-07-15 (current_events.rules)
2837501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Voicemail Phish 2019-07-15 (current_events.rules)
2837502 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-15 (current_events.rules)
2837503 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-07-15 (current_events.rules)
2837504 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish 2019-07-15 (current_events.rules)
2837505 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-07-15 (current_events.rules)
2837506 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-07-15 (current_events.rules)
2837507 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2019-07-15 (current_events.rules)
2837508 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 1) (trojan.rules)
2837509 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 2) (trojan.rules)
2837510 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 3) (trojan.rules)
2837511 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 4) (trojan.rules)
2837512 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 5) (trojan.rules)
2837513 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 6) (trojan.rules)
2837514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 7) (trojan.rules)
2837515 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 8) (trojan.rules)
2837516 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 9) (trojan.rules)
2837517 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 10) (trojan.rules)
2837518 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 11) (trojan.rules)
2837519 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-15 12) (trojan.rules)
2837520 - ETPRO CURRENT_EVENTS Successful SF Express Phish 2019-07-15 (current_events.rules)
2837521 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-07-15 (current_events.rules)
2837522 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-07-15 (current_events.rules)
2837523 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-07-15 (current_events.rules)

[///]     Modified active rules:     [///]

2027677 - ET TROJAN Godlua Backdoor Downloading Encrypted Lua (trojan.rules)
2027694 - ET MALWARE Observed OSX/PremierOpinionD Collection Domain in TLS SNI (malware.rules)
2837219 - ETPRO MALWARE InstallPortal Glority User-Agent (malware.rules)
2837434 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-07-10 (current_events.rules)

Date:
Summary title:
5 new Open, 33 new Pro (5 + 28). Atlassian Jira CVE-2019-11581, APT Sarhurst/Husar/Hussarini/Hassar, Various Phishing.