[***] Summary: [***]
14 new Open, 45 new Pro (14 + 31). Spelevo EK, APT-C-27, JS/BrushaLoader, ChadWorker, Win32/Remcos RAT, Various Phishing. TIIF.
We have a blog up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028865 - ET CURRENT_EVENTS Spelevo VBS Payload Downloaded (current_events.rules)
2028866 - ET CURRENT_EVENTS Spelevo Download Payload Landing (current_events.rules)
2028867 - ET POLICY Vulnerable Java Version 11.0.x Detected (policy.rules)
2028868 - ET POLICY Vulnerable Java Version 12.0.x Detected (policy.rules)
2028869 - ET POLICY Vulnerable Java Version 12.0.x Detected (policy.rules)
2028870 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028871 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028872 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028873 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028874 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028875 - ET TROJAN APT-C-27 CnC Domain Observed in DNS Query (trojan.rules)
2028876 - ET TROJAN Steganographic Encoded WAV File Inbound via HTTP M1 (trojan.rules)
2028877 - ET TROJAN Steganographic Encoded WAV File Inbound via HTTP M2 (trojan.rules)
2028878 - ET MALWARE SoftwareTracking Site - Install Report (malware.rules)
Pro:
2838987 - ETPRO TROJAN JS/BrushaLoader Activity (trojan.rules)
2838988 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2838989 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838990 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2838991 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2838992 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2838993 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-10-18) (current_events.rules)
2838994 - ETPRO CURRENT_EVENTS Spelevo VBS Cookie (current_events.rules)
2838995 - ETPRO TROJAN ChadWorker DNS CnC Observed (trojan.rules)
2838996 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish 2019-10-18 (current_events.rules)
2838997 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-18 (current_events.rules)
2838998 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2019-10-18 (current_events.rules)
2838999 - ETPRO CURRENT_EVENTS Successful Posteitaliane Phish 2019-10-18 (current_events.rules)
2839000 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-18 (current_events.rules)
2839001 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-10-18 (current_events.rules)
2839002 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-18 (current_events.rules)
2839003 - ETPRO CURRENT_EVENTS Successful Paypal FR Phish 2019-10-18 (current_events.rules)
2839004 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-10-18 (current_events.rules)
2839005 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-18 (current_events.rules)
2839006 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-10-18 (current_events.rules)
2839007 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-18 (current_events.rules)
2839008 - ETPRO CURRENT_EVENTS Successful Google Account Phish 2019-10-18 (current_events.rules)
2839009 - ETPRO CURRENT_EVENTS Successful Facebook Pages Copyright Content Phish 2019-10-18 (current_events.rules)
2839010 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-18 (current_events.rules)
2839011 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-10-18 (current_events.rules)
2839012 - ETPRO TROJAN Possible APT-C-27 Payload CnC Checkin (trojan.rules)
2839013 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2839014 - ETPRO TROJAN Win32/TrojanDownloader.Agent.KW CnC Activity (trojan.rules)
2839015 - ETPRO TROJAN Win32/Remcos RAT Checkin 207 (trojan.rules)
2839016 - ETPRO TROJAN Win32/Remcos RAT Checkin 208 (trojan.rules)
2839017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-17 1) (trojan.rules)
[///] Modified active rules: [///]
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2025518 - ET POLICY Vulnerable Java Version 10.0.x Detected (policy.rules)