Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/02/17

[***]            Summary:            [***]

5 new Open, 18 new Pro (5 + 13).  AZORult, Parallax, Kimsuky, Various SSL/TLS, Various Phish, Others.

Thanks @james_inthe_box.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029471 - ET TROJAN Win32/Sarwent Variant CnC Activity (trojan.rules)
2029472 - ET TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2029473 - ET SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2029474 - ET TROJAN Win32/Sarwent Initial Checkin (trojan.rules)
2029475 - ET TROJAN Win32/Sarwent Initial Checkin CnC Response (trojan.rules)

Pro:

2841060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-15 1) (trojan.rules)
2841061 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-02-17 (current_events.rules)
2841062 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-02-17 (current_events.rules)
2841063 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-02-17 (current_events.rules)
2841064 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-02-17 (current_events.rules)
2841065 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2841066 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2841067 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-17 (current_events.rules)
2841068 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-17 (current_events.rules)
2841069 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-17 (current_events.rules)
2841070 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M5 (trojan.rules)
2841071 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M6 (trojan.rules)
2841072 - ETPRO TROJAN Win32/Remcos RAT Checkin 347 (trojan.rules)

[///]     Modified active rules:     [///]

2029236 - ET TROJAN Vidar/Arkei/Megumin/Oski Stealer Data Exfil (trojan.rules)

[---]         Disabled rules:        [---]

2014471 - ET POLICY DRIVEBY Generic - EXE Download by Java (policy.rules)

Date:
Summary title:
5 new Open, 18 new Pro (5 + 13). AZORult, Parallax, Kimsuky, Various SSL/TLS, Various Phish, Others.