[***]            Summary:            [***]

1 new Open, 32 new Pro (1 + 31).  Remcos, Ave Maria, Various SSL/TLS, Various Phish.

We have a blog post up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028895 - ET WEB_SERVER Possible PHP Remote Code Execution CVE-2019-11043 PoC (Inbound) (web_server.rules)

Pro:

2839072 - ETPRO TROJAN Win32/Bancteian.A Variant CnC Activity (trojan.rules)
2839080 - ETPRO MALWARE Win32/Adload.B!MSR Install Checkin (malware.rules)
2839081 - ETPRO POLICY External IP Lookup - myip ipip .net (policy.rules)
2839082 - ETPRO TROJAN Orion Logger Exfil via SMTP (trojan.rules)
2839083 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839084 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC) (trojan.rules)
2839085 - ETPRO TROJAN Observed Malicious SSL Cert (SONE CnC) (trojan.rules)
2839086 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2839087 - ETPRO TROJAN Ave Maria RAT Encrypted CnC KeepAlive Inbound (2) (trojan.rules)
2839088 - ETPRO TROJAN Ave Maria RAT Encrypted CnC KeepAlive Outbound (2) (trojan.rules)
2839089 - ETPRO TROJAN Ave Maria RAT Encrypted CnC Checkin (2) (trojan.rules)
2839090 - ETPRO TROJAN Observed Malicious SSL Certificate (IcedID CnC) (trojan.rules)
2839091 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-23 (current_events.rules)
2839092 - ETPRO CURRENT_EVENTS Successful Generic Verify Email Phish 2019-10-23 (current_events.rules)
2839093 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-10-23 (current_events.rules)
2839094 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-10-23 (current_events.rules)
2839095 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-23 (current_events.rules)
2839096 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23 (current_events.rules)
2839097 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23 (current_events.rules)
2839098 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-10-23 (current_events.rules)
2839099 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-10-23 (current_events.rules)
2839100 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-10-23 (current_events.rules)
2839101 - ETPRO CURRENT_EVENTS Successful MWeb Webmail Phish 2019-10-23 (current_events.rules)
2839102 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-10-23 (current_events.rules)
2839103 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-23 (current_events.rules)
2839104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-23 1) (trojan.rules)
2839105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-23 2) (trojan.rules)
2839106 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-23 3) (trojan.rules)
2839107 - ETPRO TROJAN Win32/Phoenix Keylogger - Telegram Exfiltration (trojan.rules)
2839108 - ETPRO TROJAN Win32/Remcos RAT Checkin 225 (trojan.rules)
2839109 - ETPRO TROJAN Win32/Remcos RAT Checkin 226 (trojan.rules)

Date: Tuesday, October 22, 2019 - 22:00