[***] Summary: [***]
9 new Open, 37 new Pro (9 + 28). DeadlyKiss APT, Remcos RAT, Various SSL/TLS, Various Phish.
Slides from the ETPRO Suricata 5.0 webinar are now available here:
https://www.slideshare.net/JasonWilliams288/proofpoint-emerging-threats-suricata-50-webinar
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028622 - ET MOBILE_MALWARE MOONSHINE payload C2 activity (mobile_malware.rules)
2028623 - ET POLICY Observed Suspicious SSL Cert (Minerpool - CoinMining) (policy.rules)
2028624 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2028625 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)
2028626 - ET TROJAN Observed Malicious SSL Cert (DeadlyKiss APT) (trojan.rules)
2028627 - ET TROJAN Possible DeadlyKiss APT CnC Domain Observed in DNS Query (trojan.rules)
2028628 - ET TROJAN Possible DeadlyKiss APT CnC Domain Observed in DNS Query (trojan.rules)
2028629 - ET WEB_SPECIFIC_APPS PHPStudy Remote Code Execution Backdoor (web_specific_apps.rules)
2028630 - ET TROJAN PHPStudy CnC Domain in DNS Lookup (trojan.rules)
Pro:
2838556 - ETPRO TROJAN Win32/Unk.Zebrocy Downloader CnC Checkin (trojan.rules)
2838557 - ETPRO CURRENT_EVENTS Likely MalDoc Retrieving Payload 2019-09-25 (current_events.rules)
2838558 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish 2019-09-25 (current_events.rules)
2838559 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2019-09-25 (current_events.rules)
2838560 - ETPRO CURRENT_EVENTS Successful DHL Express Phish 2019-09-25 (current_events.rules)
2838561 - ETPRO CURRENT_EVENTS Successful Christian Mingle Phish 2019-09-25 (current_events.rules)
2838562 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-09-25 (current_events.rules)
2838563 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2019-09-25 (current_events.rules)
2838564 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-09-25 (current_events.rules)
2838565 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-09-25 (current_events.rules)
2838566 - ETPRO CURRENT_EVENTS Successful Generic Webmail Validation Phish 2019-09-25 (current_events.rules)
2838567 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-09-25 (current_events.rules)
2838568 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838569 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838570 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838571 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838572 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838573 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838574 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838575 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838576 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838577 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838578 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838579 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-09-25 (current_events.rules)
2838580 - ETPRO TROJAN DonotGroup YTY Framework CnC Checkin (trojan.rules)
2838581 - ETPRO TROJAN Win32/Remcos RAT Checkin 178 (trojan.rules)
2838582 - ETPRO TROJAN Win32/Remcos RAT Checkin 179 (trojan.rules)
2838583 - ETPRO TROJAN Win32/Remcos RAT Checkin 180 (trojan.rules)
[///] Modified active rules: [///]
2833690 - ETPRO CURRENT_EVENTS MalDoc Retrieving Evil exe/msi/doc (current_events.rules)