Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/06

[***]            Summary:            [***]

9 new Open, 32 new Pro (9 + 23). Magecart, DonotGroup, Zeoticus Ransomware, BlackRouter/BlackRoot Ransomware Variants, Win32/KPOT Stealer, Win32/Remcos, Coinminers and Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029224 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029225 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
2029226 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029227 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029228 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
2029229 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029230 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)
2029231 - ET TROJAN Zeoticus Ransomware CnC Activity (trojan.rules)
2029232 - ET USER_AGENTS Observed Suspicious UA (DxD) (user_agents.rules)

Pro:

2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin (trojan.rules)
2840259 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin M2 (trojan.rules)
2840260 - ETPRO CURRENT_EVENTS Successful Minha BV Bank Phish 2020-01-06 (current_events.rules)
2840261 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 1) (current_events.rules)
2840262 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 2) (current_events.rules)
2840263 - ETPRO CURRENT_EVENTS CoinMiner Known Malicious Stratum Authline (2020-01-04 3) (current_events.rules)
2840264 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-06 (current_events.rules)
2840265 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-06 (current_events.rules)
2840266 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-06 (current_events.rules)
2840267 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-06 (current_events.rules)
2840268 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-06 (current_events.rules)
2840269 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2020-01-06 (current_events.rules)
2840270 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M3 (trojan.rules)
2840271 - ETPRO TROJAN Unk.JS/Downloader Activity (trojan.rules)
2840272 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
2840273 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-06 (current_events.rules)
2840275 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2840276 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2840279 - ETPRO TROJAN Win32/Remcos RAT Checkin 298 (trojan.rules)
2840280 - ETPRO TROJAN Win32/Remcos RAT Checkin 299 (trojan.rules)
2840281 - ETPRO TROJAN Win32/Remcos RAT Checkin 300 (trojan.rules)

Date:
Summary title:
9 new Open, 32 new Pro (9 + 23). Magecart, DonotGroup, Zeoticus Ransomware, BlackRouter/BlackRoot Ransomware Variants, Win32/KPOT Stealer, Win32/Remcos, Coinminers and Various Phish.