[***]            Summary:            [***]

9 new Open, 30 new Pro (9 + 21). CVE-2019-19781, Dark Nexus, Win32/Namoo, Remcos and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029203 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029204 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
2029205 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection (CVE-2019-7256) (exploit.rules)
2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound) (trojan.rules)
2029210 - ET MALWARE Win32/DownloadAssistant.Q Variant Checkin (malware.rules)
2029211 - ET MALWARE Win32/DownloadAssistant.G Variant Error Report (malware.rules)

Pro:

2840142 - ETPRO TROJAN Win32/BlackNET CnC Checkin M2 (trojan.rules)
2840143 - ETPRO TROJAN Win32/Hawkeye ReBorn Stealer Style Screenshot Upload (trojan.rules)
2840144 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc M2 (current_events.rules)
2840145 - ETPRO TROJAN Win32/Unk.Stealer Browser Passwords Exfil (trojan.rules)
2840146 - ETPRO TROJAN Win32/Unk.Stealer Screenshot Exfil (trojan.rules)
2840147 - ETPRO TROJAN Win32/Unk.Stealer Clipboard Data Exfil (trojan.rules)
2840148 - ETPRO TROJAN Win32/Namoo CnC Initial Host Checkin (trojan.rules)
2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response (trojan.rules)
2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30 (current_events.rules)
2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30 (current_events.rules)
2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-12-30 (current_events.rules)
2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-30 (current_events.rules)
2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish 2019-12-30 (current_events.rules)
2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30 (current_events.rules)
2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30 (current_events.rules)
2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-30 (current_events.rules)
2840162 - ETPRO TROJAN Win32/Remcos RAT Checkin 294 (trojan.rules)

Date: Sunday, December 29, 2019 - 22:00