[***] Summary: [***]
6 new Open, 22 new Pro (6 + 16). Remcos, AZORult, BadPatch, Various Phish.
We have a blog post up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028912 - ET USER_AGENTS Observed Suspicious UA (Client) (user_agents.rules)
2028913 - ET TROJAN BadPatch CnC Activity (trojan.rules)
2028914 - ET POLICY TOR Consensus Data Requested (policy.rules)
2028915 - ET TROJAN Instagram Like Bot (like4u) CnC Activity M1 (trojan.rules)
2028916 - ET TROJAN Instagram Like Bot (like4u) CnC Activity M2 (trojan.rules)
2028917 - ET TROJAN Instagram Like Bot (like4u) CnC Domain in DNS Lookup (trojan.rules)
Pro:
2839128 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-25 1) (trojan.rules)
2839129 - ETPRO CURRENT_EVENTS Successful Citibank Loan Phish 2019-10-28 (current_events.rules)
2839130 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-10-28 (current_events.rules)
2839131 - ETPRO CURRENT_EVENTS Successful Generic Email Account Update Phish 2019-10-28 (current_events.rules)
2839132 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-10-28 (current_events.rules)
2839133 - ETPRO TROJAN Win32/Presenoker Requesting Batch File M6 (trojan.rules)
2839134 - ETPRO USER_AGENTS Win32/Presenoker UA Observed (user_agents.rules)
2839135 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2839136 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M2 (trojan.rules)
2839137 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-28 (trojan.rules)
2839138 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-22 (trojan.rules)
2839139 - ETPRO TROJAN Win32/Remcos RAT Checkin 229 (trojan.rules)
2839140 - ETPRO TROJAN Win32/Remcos RAT Checkin 230 (trojan.rules)
2839141 - ETPRO TROJAN Win32/Remcos RAT Checkin 231 (trojan.rules)
2839142 - ETPRO TROJAN Win32/Remcos RAT Checkin 232 (trojan.rules)
2839143 - ETPRO TROJAN Win32/Remcos RAT Checkin 233 (trojan.rules)
[///] Modified active rules: [///]
2838020 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin (trojan.rules)