[***]            Summary:            [***]

3 new Open, 21 new Pro (3 + 18). Phorpiex, ICMP Tunneling, W32/Azden, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027763 - ET TROJAN Possible ICMP Backdoor Tunnel Command - whoami (trojan.rules)
2027764 - ET CURRENT_EVENTS Successful Generic Adobe Phish 2019-07-29 (current_events.rules)
2027765 - ET POLICY External IP Lookup (extreme-ip-lookup .com) (policy.rules)

Pro:

2837733 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-07-27 (current_events.rules)
2837735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-29 1) (trojan.rules)
2837736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-29 2) (trojan.rules)
2837737 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-29 3) (trojan.rules)
2837738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-29 4) (trojan.rules)
2837739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-07-29 5) (trojan.rules)
2837740 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-07-29 (current_events.rules)
2837741 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2019-07-29 (current_events.rules)
2837742 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-29 (current_events.rules)
2837743 - ETPRO CURRENT_EVENTS Successful GMX Phish 2019-07-29 (current_events.rules)
2837744 - ETPRO CURRENT_EVENTS Successful Generic 000webhost Phish 2019-07-29 (current_events.rules)
2837745 - ETPRO INFO Suspicious SSL Cert with Repeated Generic Values in Cert Subject (info.rules)
2837746 - ETPRO INFO Suspicious SSL Cert with Repeated Generic Values in Cert Issuer (info.rules)
2837747 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC) (trojan.rules)
2837748 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP (1024 signature) (trojan.rules)
2837749 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP (2048 signature) (trojan.rules)
2837750 - ETPRO TROJAN Win32/Azden.A CnC Checkin (trojan.rules)
2837751 - ETPRO MALWARE Win32/Adposhel Adware Activity (malware.rules)

[///]     Modified active rules:     [///]

2801300 - ETPRO USER_AGENTS SUSPICIOUS UA Starting With IE6 (user_agents.rules)
2837677 - ETPRO TROJAN Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) (trojan.rules)

[---]         Disabled rules:        [---]

2027759 - ET DNS Query for .co TLD (dns.rules)

Date: Sunday, July 28, 2019 - 22:00