[***] Summary: [***]
9 new Open, 23 new Pro (9 + 14). Remcos, Win32/Orion, Various SSL/TLS, Various Phish.
Thanks James Lay (@james_inthe_box).
We have a blog up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028896 - ET TROJAN Observed Win32/Orion Logger SMTP Exfil Subject Line (trojan.rules)
2028897 - ET TROJAN Win32/Orion Logger SMTP Base64 Exfil (trojan.rules)
2028898 - ET TROJAN Observed Malicious SSL Cert (APT32 CnC) (trojan.rules)
2028899 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
2028900 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
2028901 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
2028902 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
2028903 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
2028904 - ET TROJAN Lazarus CnC Domain Observed in DNS Query (trojan.rules)
Pro:
2839110 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.p CnC Beacon (mobile_malware.rules)
2839111 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.acl Checkin (mobile_malware.rules)
2839112 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839113 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2839114 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2839115 - ETPRO CURRENT_EVENTS Successful Naver Phish 2019-10-24 (current_events.rules)
2839116 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-24 (current_events.rules)
2839117 - ETPRO CURRENT_EVENTS Successful Softbank JP Phish 2019-10-24 (current_events.rules)
2839118 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-10-24 (current_events.rules)
2839119 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M1 (trojan.rules)
2839120 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M2 (trojan.rules)
2839121 - ETPRO MALWARE VKontakteDJ PUP Activity M2 (malware.rules)
2839122 - ETPRO MALWARE VKontakteDJ PUP Activity M3 (malware.rules)
2839123 - ETPRO TROJAN Win32/Remcos RAT Checkin 227 (trojan.rules)
[///] Modified active rules: [///]
2022977 - ET TROJAN Cknife Shell Command Struct Inbound (aspx) (trojan.rules)
2023035 - ET TROJAN Linux/Lady CnC Beacon 2 (trojan.rules)
2027364 - ET TROJAN BlackTech Plead Encrypted Payload Inbound (trojan.rules)
2028883 - ET TROJAN APT 41 LOWKEY Backdoor - Ping Command Inbound (trojan.rules)
2816369 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.AW Checkin (mobile_malware.rules)
2822031 - ETPRO TROJAN Win32.Unknown Updateinfo Command (trojan.rules)