Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/08/05

[***]            Summary:            [***]

11 new Open, 43 new Pro (11 + 32).  Covenant Framework, Agent Tesla Exfil, Various SSL/TLS, Various Phish.

Thanks Kevin Ross and @401TRG.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027792 - ET TROJAN Covenant Framework Default HTTP Beacon (trojan.rules)
2027793 - ET TROJAN Covenant Framework HTTP Beacon (trojan.rules)
2027794 - ET TROJAN Covenant Framework HTTP Hello World Server Response (trojan.rules)
2027795 - ET TROJAN Possible Covenant Framework Grunt Stager HTTP Download (Grunt.GruntStager) (trojan.rules)
2027796 - ET TROJAN Possible Covenant Framework Grunt Stager HTTP Download (DynamicInvoke) (trojan.rules)
2027797 - ET TROJAN Possible Covenant Framework Grunt PowerShell Stager HTTP Download (trojan.rules)
2027798 - ET TROJAN Possible Covenant Framework Grunt MSBuild Stager HTTP Download (trojan.rules)
2027799 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2027800 - ET TROJAN Observed Malicious SSL Cert (Various CnC) (trojan.rules)
2027801 - ET TROJAN Observed Malicious SSL Cert (Various CnC) (trojan.rules)
2027802 - ET TROJAN Win32/Eris Ransomware CnC Checkin (trojan.rules)

Pro:

2804853 - ETPRO USER_AGENTS User-Agent (MyIE2) (user_agents.rules)
2837843 - ETPRO MALWARE Win32/MaxRev Adware Installer Activity (malware.rules)
2837844 - ETPRO TROJAN Win32/Agent Tesla/Origin Logger SMTP Keystroke Exfil (trojan.rules)
2837845 - ETPRO TROJAN Observed Malicious SSL Cert (The Trick CnC) (trojan.rules)
2837846 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (EvilJS Retrieving Payload) (current_events.rules)
2837847 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Retrieving Payload) (current_events.rules)
2837848 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-04 (current_events.rules)
2837849 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-08-04 (current_events.rules)
2837850 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-04 (current_events.rules)
2837851 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-04 (current_events.rules)
2837852 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-08-04 (current_events.rules)
2837853 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-08-04 (current_events.rules)
2837854 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-08-04 (current_events.rules)
2837855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 1) (trojan.rules)
2837856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 2) (trojan.rules)
2837857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 3) (trojan.rules)
2837858 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 4) (trojan.rules)
2837859 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 5) (trojan.rules)
2837860 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 6) (trojan.rules)
2837861 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-05 7) (trojan.rules)
2837862 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-05 (current_events.rules)
2837863 - ETPRO CURRENT_EVENTS Successful TalkTalk Phish 2019-08-05 (current_events.rules)
2837864 - ETPRO CURRENT_EVENTS Successful Generic Online Virus Scanner Phish 2019-08-05 (current_events.rules)
2837865 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837866 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837867 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Loader CnC) (trojan.rules)
2837868 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Worker CnC) (trojan.rules)
2837869 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2837870 - ETPRO TROJAN Observed Malicious SSL Cert (sLoad CnC) (trojan.rules)
2837871 - ETPRO TROJAN Variant.Strictor.141352 Payload Details in Server Reponse (trojan.rules)
2837872 - ETPRO TROJAN Variant.Strictor.141352 Client Request for Payload (set) (trojan.rules)
2837873 - ETPRO TROJAN Variant.Strictor.141352 Payload Download (trojan.rules)

[///]     Modified active rules:     [///]

2001891 - ET USER_AGENTS Suspicious User Agent (agent) (user_agents.rules)
2012612 - ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers (info.rules)
2013315 - ET TROJAN Suspicious User-Agent (Agent and 5 or 6 digits) (trojan.rules)

[---]         Removed rules:         [---]

2804853 - ETPRO TROJAN User-Agent (MyIE2) (trojan.rules)

Date:
Summary title:
11 new Open, 43 new Pro (11 + 32). Covenant Framework, Agent Tesla Exfil, Various SSL/TLS, Various Phish.