Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/08/21

[***]            Summary:            [***]

4 new Open, 19 new Pro (4 + 15).  MyKings Bootloader, Smokeloader, Various Phishing, Coinminers.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2027899 - ET CURRENT_EVENTS Possible Phishing Landing Obfuscation Mar 17 (current_events.rules)
2027900 - ET TROJAN MyKings Bootloader Variant Requesting Payload M1 (trojan.rules)
2027901 - ET TROJAN MyKings Bootloader Variant Requesting Payload M2 (trojan.rules)
2027902 - ET TROJAN MyKings Bootloader Variant Requesting Payload M3 (trojan.rules)

Pro:

2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
2838107 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-08-20) (current_events.rules)
2838108 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838109 - ETPRO POLICY Google DNS Over HTTPS Certificate Inbound (policy.rules)
2838110 - ETPRO POLICY Observed Google DNS over HTTPS Domain (dns .google .com in TLS SNI) (policy.rules)
2838111 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish 2019-08-21 (current_events.rules)
2838112 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2019-08-21 (current_events.rules)
2838113 - ETPRO CURRENT_EVENTS Successful myGov Phish 2019-08-21 (current_events.rules)
2838114 - ETPRO CURRENT_EVENTS Successful Mobile.de Phish 2019-08-21 (current_events.rules)
2838115 - ETPRO CURRENT_EVENTS Successful HiNet Phish 2019-08-21 (current_events.rules)
2838116 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2019-08-21 (current_events.rules)
2838117 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2019-08-21 (current_events.rules)
2838118 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-08-21 (current_events.rules)
2838119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-21 1) (trojan.rules)
2838120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-08-21 2) (trojan.rules)

[///]     Modified active rules:     [///]

2821655 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 1 (GET) (trojan.rules)
2821669 - ETPRO TROJAN JSP WebShell Backdoor.Hadmad Command 1 (POST) (trojan.rules)
2837704 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-07-25 (current_events.rules)

Date:
Summary title:
4 new Open, 19 new Pro (4 + 15). MyKings Bootloader, Smokeloader, Various Phishing, Coinminers.