[***]            Summary:            [***]

9 new Open, 29 new Pro (9 + 20). Ursnif, Get2, and AZORult SSL certs, CASHY200 DNS Sigs, Remcos, Various Phish.

Many signatures in the Suricata 4 and Suricata 5 rulesets were modified to remove the use of http_header when matching against a User-Agent.
Those content matches were migrated to the http_user_agent keyword.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028666 - ET TROJAN CASHY200 Style DNS Query - Initial Hello Beacon (trojan.rules)
2028667 - ET TROJAN CASHY200 Style DNS Query - Sending Hostname (trojan.rules)
2028668 - ET TROJAN CASHY200 Style DNS Query - Sending Number of Queries (trojan.rules)
2028669 - ET TROJAN CASHY200 Style DNS Query - Finished Sending Results (trojan.rules)
2028670 - ET TROJAN CASHY200 Style DNS Query - Getting CnC Data (trojan.rules)
2028671 - ET TROJAN CASHY200 Style DNS Query - Sending Command Results (trojan.rules)
2028672 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08 (trojan.rules)
2028673 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08 (trojan.rules)
2028674 - ET TROJAN CASHY200 Style DNS Query - Request Command Beacon (trojan.rules)

Pro:

2838881 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2838882 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838883 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-10-11 (current_events.rules)
2838884 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11 (current_events.rules)
2838885 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-10-11 (current_events.rules)
2838886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-11 (current_events.rules)
2838887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-11 (current_events.rules)
2838888 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-11 (current_events.rules)
2838889 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 1) (trojan.rules)
2838890 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 2) (trojan.rules)
2838891 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-11 3) (trojan.rules)
2838892 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-10-11 (current_events.rules)
2838893 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-11 (current_events.rules)
2838894 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-10-11 (current_events.rules)
2838895 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-10-11 (current_events.rules)
2838896 - ETPRO CURRENT_EVENTS Successful ASB Phish 2019-10-11 (current_events.rules)
2838897 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-10-11 (current_events.rules)
2838898 - ETPRO TROJAN Win32/Remcos RAT Checkin 199 (trojan.rules)
2838899 - ETPRO TROJAN Win32/Remcos RAT Checkin 200 (trojan.rules)
2838900 - ETPRO TROJAN Win32/Remcos RAT Checkin 201 (trojan.rules)

Date: Thursday, October 10, 2019 - 22:00