[***]            Summary:            [***]

10 new Open, 46 new Pro (10 + 36). PHP.MAILER WebShell, LiLocked Ransomware, Win32/InfinityLock, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027965 - ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Joker Checkin (mobile_malware.rules)
2027966 - ET CURRENT_EVENTS Generic XBALTI Phishing Landing (current_events.rules)
2027967 - ET INFO HTTP Request for Possible ELF/LiLocked Ransomware Note (info.rules)
2027968 - ET INFO ELF/LiLocked Ransom Note in HTTP Response (info.rules)
2027969 - ET TROJAN Possible PHP.MAILER WebShell Generic Request Inbound (trojan.rules)
2027970 - ET MALWARE Possible PHP.MAILER WebShell Register Shutdown Function Request Inbound (malware.rules)
2027971 - ET EXPLOIT HiSilicon DVR - Application Credential Disclosure (CVE-2018-9995) (exploit.rules)
2027972 - ET EXPLOIT HiSilicon DVR - Buffer Overflow in Builtin Web Server (exploit.rules)
2027973 - ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound (exploit.rules)
2027974 - ET EXPLOIT HiSilicon DVR - Default Application Backdoor Password (exploit.rules)

Pro:

2838349 - ETPRO TROJAN Win32/TrickBot CnC Initial Checkin (trojan.rules)
2838350 - ETPRO TROJAN Win32/DonotGroup CnC Activity (trojan.rules)
2838351 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-09) (current_events.rules)
2838352 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2838353 - ETPRO TROJAN Win32/Unk.BR Stealer CnC Checkin (trojan.rules)
2838354 - ETPRO TROJAN Win32/InfinityLock/Crypt Ransomware CnC Checkin (trojan.rules)
2838355 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (e0514) (web_client.rules)
2838356 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-09-09 (current_events.rules)
2838357 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-09-09 (current_events.rules)
2838358 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2019-09-09 (current_events.rules)
2838359 - ETPRO CURRENT_EVENTS Successful Adobe Document Cloud Phish 2019-09-09 (current_events.rules)
2838360 - ETPRO CURRENT_EVENTS Successful Generic Phish Phish 2019-09-09 (current_events.rules)
2838361 - ETPRO CURRENT_EVENTS Successful EC21 Phish 2019-09-09 (current_events.rules)
2838362 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-09-09 (current_events.rules)
2838363 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-09-09 (current_events.rules)
2838364 - ETPRO CURRENT_EVENTS Successful Mastercard Phish 2019-09-09 (current_events.rules)
2838365 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-09-09 (current_events.rules)
2838367 - ETPRO TROJAN Possible Quasar RAT Websocket Usage (trojan.rules)
2838368 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-09-09 (current_events.rules)
2838369 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-09-09 (current_events.rules)
2838370 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-09 (current_events.rules)
2838371 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-09-09 (current_events.rules)
2838372 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-09-09 (current_events.rules)
2838373 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-09-09 (current_events.rules)
2838374 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-09-09 (current_events.rules)
2838375 - ETPRO CURRENT_EVENTS Successful Personalized Email Verification Phish 2019-09-09 (current_events.rules)
2838376 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-09 (current_events.rules)
2838377 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-09 (current_events.rules)
2838378 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-09 (current_events.rules)
2838379 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-09 (current_events.rules)
2838380 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-09 (current_events.rules)
2838381 - ETPRO CURRENT_EVENTS Successful Generic Microsoft Account 2019-09-09 (current_events.rules)
2838382 - ETPRO TROJAN SSL/TLS Certificate Observed (Underminer EK) (trojan.rules)
2838383 - ETPRO TROJAN Win32/Remcos RAT Checkin 155 (trojan.rules)
2838384 - ETPRO TROJAN Win32/Remcos RAT Checkin 156 (trojan.rules)
2838385 - ETPRO TROJAN Win32/Remcos RAT Checkin 157 (trojan.rules)

[///]     Modified active rules:     [///]

2027369 - ET EXPLOIT [NCC GROUP] Possible Bluekeep Inbound RDP Exploitation Attempt (CVE-2019-0708) (exploit.rules)
2027961 - ET WEB_CLIENT Great Cannon DDoS JS M1 (web_client.rules)
2027962 - ET WEB_CLIENT Great Cannon DDoS JS M2 (web_client.rules)
2027963 - ET WEB_CLIENT Great Cannon DDoS JS M3 (web_client.rules)
2027964 - ET WEB_CLIENT Great Cannon DDoS JS M4 (web_client.rules)
2836767 - ETPRO TROJAN Redkeeper/Bluekeep CVE-2019-0708 Probing (trojan.rules)
2837551 - ETPRO TROJAN Observed Trickbot Style SSL Cert (Default Company LTD) (trojan.rules)

[---]         Removed rules:         [---]

2014334 - ET CURRENT_EVENTS Compromised Wordpress Redirect (current_events.rules)
2014337 - ET CURRENT_EVENTS RogueAV Wordpress Injection Campaign Compromised Page Served to Local Client (current_events.rules)
2014338 - ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server (current_events.rules)
2016391 - ET CURRENT_EVENTS Adobe Flash Zero Day LadyBoyle Infection Campaign (current_events.rules)
2016779 - ET CURRENT_EVENTS Fake DHL Kuluoz.B URI (current_events.rules)
2016919 - ET CURRENT_EVENTS Malicious Redirect URL (current_events.rules)
2017002 - ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign (current_events.rules)
2017003 - ET CURRENT_EVENTS Kuluoz.B Spam Campaign Shipment_Label.exe in Zip (current_events.rules)
2017107 - ET CURRENT_EVENTS FlashPlayerSetup.x86.exe pull (current_events.rules)
2017108 - ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin UA (current_events.rules)
2017109 - ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin response 2 (current_events.rules)
2804883 - ETPRO CURRENT_EVENTS mass SQL Injection campaigns targeting Microsoft IIS web server (ASP/ASP.Net/CFM/MS-SQL) sites (current_events.rules)
