Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/10/17

[***]            Summary:            [***]

22 new Open, 35 new Pro (22 + 13).  Various Duke DNS Domains, APT 41, TinyNuke, CoinMiners, Various Phishing.

We have a blog up now outlining the new Suricata 5.0 ruleset information as well information regarding our upcoming plans to EOL rule support for Suricata 2.0/3.0 Rulesets.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028843 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028844 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028845 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028846 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028847 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028848 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028849 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028850 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028851 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028852 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028853 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028854 - ET TROJAN PolyglotDuke Domain Observed (trojan.rules)
2028855 - ET TROJAN MiniDuke Domain Observed (trojan.rules)
2028856 - ET TROJAN MiniDuke Domain Observed (trojan.rules)
2028857 - ET TROJAN FatDuke Domain Observed (trojan.rules)
2028858 - ET TROJAN FatDuke Domain Observed (trojan.rules)
2028859 - ET TROJAN FatDuke Domain Observed (trojan.rules)
2028860 - ET TROJAN FatDuke Domain Observed (trojan.rules)
2028861 - ET TROJAN FatDuke Domain Observed (trojan.rules)
2028862 - ET TROJAN LiteDuke Domain Observed (trojan.rules)
2028863 - ET TROJAN APT 41 LOWKEY Backdoor - Initalisation Bytes Received from CnC (trojan.rules)

Pro:

2028864 - ET MALWARE SoftwareTracking Site - Download Report (malware.rules)
2838973 - ETPRO TROJAN HeavenWard Keylogger Domain in DNS Lookup (trojan.rules)
2838975 - ETPRO TROJAN Win32/TinyNuke CnC Checkin M2 (trojan.rules)
2838976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-16 1) (trojan.rules)
2838977 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-16 2) (trojan.rules)
2838978 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)
2838979 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-10-17 (current_events.rules)
2838980 - ETPRO CURRENT_EVENTS Successful National Bank Phish 2019-10-17 (current_events.rules)
2838981 - ETPRO CURRENT_EVENTS Successful Woodforest National Bank Phish 2019-10-17 (current_events.rules)
2838982 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)
2838983 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-17 (current_events.rules)
2838984 - ETPRO CURRENT_EVENTS Successful Naver Phish 2019-10-17 (current_events.rules)
2838985 - ETPRO CURRENT_EVENTS Successful Caja Madrid Phish 2019-10-17 (current_events.rules)
2838986 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-17 (current_events.rules)

[///]     Modified active rules:     [///]

2836271 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration via Proxy (trojan.rules)

 [---]         Removed rules:         [---]

2807385 - ETPRO TROJAN Win32.Hupigon Variant Payload Delivery (trojan.rules)
2838973 - ETPRO MALWARE HeavenWard Keylogger Domain in DNS Lookup (malware.rules)

Date:
Summary title:
22 new Open, 35 new Pro (22 + 13). Various Duke DNS Domains, APT 41, TinyNuke, CoinMiners, Various Phishing.