Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/28

[***]            Summary:            [***]

1 new Open, 29 new Pro (1 + 28). Various Suspicious Zipped Filenames, Win32/Spatet.I, Slimrat CnC, Win32/Ronefen, Win32/Remcos.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029324 - ET POLICY GeoIP Lookup (nydus. battle .net) (policy.rules)

Pro:

2840698 - ETPRO POLICY Observed DNS Query to api .imgbb .com (Possible Image Upload) (policy.rules)
2840699 - ETPRO TROJAN Observed Malicious SSL Cert (Eyxa Stealer CnC) (trojan.rules)
2840700 - ETPRO POLICY Observed Free Image Hosting Domain SSL Cert (*. imgbb .com) (policy.rules)
2840701 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Firefox_Autocomplete) (trojan.rules)
2840702 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (default_Cookies.txt) (trojan.rules)
2840703 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Browsers/History/Firefox_) (trojan.rules)
2840704 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Browsers/Cookies/Thunderbird_) (trojan.rules)
2840705 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (General/forms.txt) (trojan.rules)
2840706 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (History/Mozilla.txt) (trojan.rules)
2840707 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (History/Edge.txt) (trojan.rules)
2840708 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (History/Chrome.txt) (trojan.rules)
2840709 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Wallets/Bitcoin.dat) (trojan.rules)
2840710 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Other/Actions.txt) (trojan.rules)
2840711 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Wallets/Documents.dat) (trojan.rules)
2840712 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (FileForms.txt) (trojan.rules)
2840713 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (FileCookies.txt) (trojan.rules)
2840714 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (FilePasswords.txt) (trojan.rules)
2840717 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-01-28 1) (trojan.rules)
2840718 - ETPRO TROJAN Win32/Spatet.I Host Checkin (trojan.rules)
2840719 - ETPRO TROJAN Slimrat CnC Activity (trojan.rules)
2840720 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-28 (current_events.rules)
2840721 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-28 (current_events.rules)
2840722 - ETPRO TROJAN Win32/Ronefen CnC (trojan.rules)
2840723 - ETPRO TROJAN Win32/Agent.TIG Variant Checkin (trojan.rules)
2840724 - ETPRO USER_AGENTS Suspicious User-Agent (Bootstrapper/) (user_agents.rules)
2840725 - ETPRO TROJAN Win32/Remcos RAT Checkin 321 (trojan.rules)

[///]     Modified active rules:     [///]

2027941 - ET POLICY DNS Query to a Reverse Proxy Service Observed (policy.rules)

Date:
Summary title:
1 new Open, 29 new Pro (1 + 28). Various Suspicious Zipped Filenames, Win32/Spatet.I, Slimrat CnC, Win32/Ronefen, Win32/Remcos.