[***]            Summary:            [***]

1 new Open, 38 new Pro (1 + 37).  Tobinload, Remcos RAT, BitcoinDNS, Various Phish.

Delayed rule email from yesterday. Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028636 - ET EXPLOIT Possible EXIM DoS (CVE-2019-16928) (exploit.rules)

Pro:

2830177 - ETPRO POLICY Observed Suspicious SSL Cert (BitcoinDNS Resolver) (policy.rules)
2838631 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-30) (current_events.rules)
2838632 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-30 2) (current_events.rules)
2838633 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-30 3) (current_events.rules)
2838634 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-30 4) (current_events.rules)
2838635 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30 (current_events.rules)
2838636 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-09-30 (current_events.rules)
2838637 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-09-30 (current_events.rules)
2838638 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30 (current_events.rules)
2838639 - ETPRO CURRENT_EVENTS Successful N26 Phish 2019-09-30 (current_events.rules)
2838640 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30 (current_events.rules)
2838641 - ETPRO CURRENT_EVENTS Successful Target Phish 2019-09-30 (current_events.rules)
2838642 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-09-30 (current_events.rules)
2838643 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-30 (current_events.rules)
2838644 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-09-30 (current_events.rules)
2838645 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-30 (current_events.rules)
2838646 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-09-30 (current_events.rules)
2838647 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-09-30 (current_events.rules)
2838648 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-30 (current_events.rules)
2838649 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M3 (trojan.rules)
2838650 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M4 (trojan.rules)
2838651 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
2838652 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
2838653 - ETPRO TROJAN Observed Malicious SSL Cert (LNK/Agent.DK CnC) (trojan.rules)
2838655 - ETPRO POLICY BitcoinDNS Resolver Service Domain Observed in DNS Query (policy.rules)
2838656 - ETPRO TROJAN Agent.DK CnC Domain Observed in DNS Query (trojan.rules)
2838657 - ETPRO TROJAN Win32/Tobinload Submitting Proc List to CnC (trojan.rules)
2838658 - ETPRO TROJAN Win32/Tobinload Submitting Stolen Data to CnC (trojan.rules)
2838659 - ETPRO MALWARE Win32/Tobinload Submitting Compromised Saved Browser Logins to CnC (malware.rules)
2838660 - ETPRO TROJAN Win32/Injector.DGXX Variant CnC Activity M1 (trojan.rules)
2838661 - ETPRO TROJAN Win32/Injector.DGXX Variant CnC Activity M2 (trojan.rules)
2838662 - ETPRO TROJAN Win32/Remcos RAT Checkin 184 (trojan.rules)
2838663 - ETPRO TROJAN Win32/Remcos RAT Checkin 185 (trojan.rules)
2838664 - ETPRO TROJAN Win32/Remcos RAT Checkin 186 (trojan.rules)
2838665 - ETPRO TROJAN Win32/Remcos RAT Checkin 187 (trojan.rules)
2838666 - ETPRO TROJAN Win32/Remcos RAT Checkin 188 (trojan.rules)

Date: Sunday, September 29, 2019 - 22:00