[***]            Summary:            [***]

5 new Open, 20 new Pro (5 + 15).  Emotet, MustangPanda, Various Phish, Various SSL/TLS.

Thanks gmcirt.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029275 - ET TROJAN Observed Possible PowerSploit/PowerView .ps1 Inbound (trojan.rules)
2029276 - ET TROJAN PowerSploit/PowerView SMTP Data Exfil (trojan.rules)
2029277 - ET TROJAN Observed Certificate Containing Double Base64 Encoded Executable Inbound (trojan.rules)
2029278 - ET TROJAN Observed Certificate Containing Possible Base64 Encoded Powershell Inbound (trojan.rules)
2029279 - ET TROJAN Win32/Emotet CnC Activity (POST) M7 (trojan.rules)

Pro:

2840420 - ETPRO TROJAN Icefrog/Temp.Trident Domain Observed (trojan.rules)
2840418 - ETPRO TROJAN Observed Certificate Containing Base64 Encoded AutoIt Script Inbound (trojan.rules)
2840419 - ETPRO TROJAN Observed Malicious SSL Cert (APT/MustangPanda Stager) (trojan.rules)
2840421 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 1) (trojan.rules)
2840422 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 2) (trojan.rules)
2840423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 3) (trojan.rules)
2840424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-14 4) (trojan.rules)
2840425 - ETPRO CURRENT_EVENTS Successful Cpanel Update Password Phish 2020-01-14 (current_events.rules)
2840426 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-14 (current_events.rules)
2840427 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-01-14 (current_events.rules)
2840428 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-01-14 (current_events.rules)
2840429 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
2840430 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
2840431 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-01-14 (current_events.rules)
2840432 - ETPRO TROJAN Observed Malicious SSL Cert (Phishing) (trojan.rules)

[///]     Modified active rules:     [///]

2016795 - ET TROJAN TROJ_NAIKON.A SSL Cert (trojan.rules)
2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC Checkin (trojan.rules)
2840355 - ETPRO MALWARE Win32/Adposhel.gen CnC Activity (malware.rules)
2827897 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M1 (CVE-2017-11281) (exploit.rules)
2827898 - ETPRO EXPLOIT MP4 Atom Parser Vulnerability Inbound M2 (CVE-2017-11281) (exploit.rules)

[///]    Modified inactive rules:    [///]

2014577 - ET CURRENT_EVENTS Italian Spam Campaign ZIP with EXE Containing Many Underscores (current_events.rules)

Date: Monday, January 13, 2020 - 22:00