Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/10/07

[***]            Summary:            [***]

10 new Open, 47 new Pro (10 + 37).  FTCode, Various CoinMiner, Various Certs, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028650 - ET USER_AGENTS Steam HTTP Client User-Agent (user_agents.rules)
2028651 - ET USER_AGENTS Steam HTTP Client User-Agent (user_agents.rules)
2028652 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07 (trojan.rules)
2028653 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03 (trojan.rules)
2028654 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03 (trojan.rules)
2028655 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02 (trojan.rules)
2028656 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01 (trojan.rules)
2028657 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30 (trojan.rules)
2028658 - ET TROJAN Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27 (trojan.rules)
2028659 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27 (trojan.rules)

Pro:

2838770 - ETPRO TROJAN MalDoc Requesting FTCode Ransomware Payload (trojan.rules)
2838771 - ETPRO TROJAN FTCode Ransomware VBS Inbound (trojan.rules)
2838772 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc DL 2019-10-07) (current_events.rules)
2838773 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-04 1) (trojan.rules)
2838774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-04 2) (trojan.rules)
2838775 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-10-07 (current_events.rules)
2838776 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-07 (current_events.rules)
2838777 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-10-07 (current_events.rules)
2838778 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-10-07 (current_events.rules)
2838779 - ETPRO CURRENT_EVENTS Successful Generic Security Questions Phish 2019-10-07 (current_events.rules)
2838780 - ETPRO CURRENT_EVENTS Successful Banorte Phish 2019-10-07 (current_events.rules)
2838781 - ETPRO CURRENT_EVENTS Successful Knab Phish 2019-10-07 (current_events.rules)
2838782 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2019-10-07 (current_events.rules)
2838783 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-07 (current_events.rules)
2838784 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-07 (current_events.rules)
2838785 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07 (current_events.rules)
2838786 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-10-07 (current_events.rules)
2838787 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2019-10-07 (current_events.rules)
2838788 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-10-07 (current_events.rules)
2838789 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-10-07 (current_events.rules)
2838790 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2019-10-07 (current_events.rules)
2838791 - ETPRO CURRENT_EVENTS Successful AuOne Phish 2019-10-07 (current_events.rules)
2838792 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-07 (current_events.rules)
2838793 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-10-07 (current_events.rules)
2838794 - ETPRO CURRENT_EVENTS Successful Desjardins/CIBC Phish 2019-10-07 (current_events.rules)
2838795 - ETPRO CURRENT_EVENTS Successful PostFinance Phish 2019-10-07 (current_events.rules)
2838796 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-10-07 (current_events.rules)
2838798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-07 1) (trojan.rules)
2838799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-07 2) (trojan.rules)
2838800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-07 3) (trojan.rules)
2838801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-07 4) (trojan.rules)
2838802 - ETPRO TROJAN Inbound PowerShell - Reflective PE Loader Script (trojan.rules)
2838803 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-10-07 (current_events.rules)
2838804 - ETPRO TROJAN Win32/Remcos RAT Checkin 194 (trojan.rules)
2838805 - ETPRO TROJAN Win32/Remcos RAT Checkin 195 (trojan.rules)
2838806 - ETPRO TROJAN Win32/Remcos RAT Checkin 196 (trojan.rules)
2838807 - ETPRO TROJAN Win32/Remcos RAT Checkin 197 (trojan.rules)

[///]     Modified active rules:     [///]

2008628 - ET SCAN WSFuzzer Web Application Fuzzing (scan.rules)

Date:
Summary title:
10 new Open, 47 new Pro (10 + 37). FTCode, Various CoinMiner, Various Certs, Various Phish.