[***]            Summary:            [***]

1 new Open, 10 new Pro (1 + 9).  Netwire, PowerVBS, Iobon Ichi, Various CoinMiners.

We have a blog up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028918 - ET TROJAN Netwire RAT Client Check-in (socket created) (trojan.rules)

Pro:

2839134 - ETPRO TROJAN Win32/Presenoker UA Observed (trojan.rules)
2839144 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 1) (trojan.rules)
2839145 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 2) (trojan.rules)
2839146 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 3) (trojan.rules)
2839147 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-10-28 4) (trojan.rules)
2839148 - ETPRO TROJAN Iobon Ichi Bot CnC Checkin (trojan.rules)
2839149 - ETPRO TROJAN Win32/PowerVBS Uploading Screenshot to CnC (trojan.rules)
2839150 - ETPRO POLICY Possible Android App Using Fake iPhone User-Agent (policy.rules)

[///]     Modified active rules:     [///]

2838879 - ETPRO TROJAN GrandSteal Server Response via WebSocket (trojan.rules)

Date: Monday, October 28, 2019 - 22:00