[***]            Summary:            [***]

11 new Open, 16 new Pro (11 + 5).  Unk/LNKR, MSIL.L4L, StrongPity, Various Android.

Thanks Travis Green and the 2019 Suricon Threat Hunting Class.

We have a blog up now outlining the new Suricata 5.0 ruleset information, as well as information regarding our upcoming plans to EOL rule support for the Suricata 2.0/3.0 rulesets.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028921 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
2028922 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
2028923 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
2028924 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
2028925 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
2028926 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC) (trojan.rules)
2028927 - ET MALWARE StrongPity CnC Domain Observed in DNS Query (malware.rules)
2028928 - ET EXPLOIT VMware VeloCloud Authorization Bypass (CVE-2019-5533) (exploit.rules)
2028929 - ET TROJAN MSIL.L4L Stealer IP Check (trojan.rules)
2028930 - ET TROJAN MSIL.L4L Stealer Screenshot Exfiltration (trojan.rules)
2028931 - ET TROJAN MSIL.L4L Stealer Systeminfo Exfiltration (trojan.rules)

Pro:

2839153 - ETPRO POLICY Suspicious Double Accept HTTP Header Value (policy.rules)
2839154 - ETPRO MOBILE_MALWARE Riskware.Android.Wooboo.cthjxd Reporting Device Details (mobile_malware.rules)
2839155 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.LV CnC Beacon (mobile_malware.rules)
2839156 - ETPRO MOBILE_MALWARE Trojan.Android.SystemMonitor.eeirqa CnC Beacon (mobile_malware.rules)
2839157 - ETPRO MOBILE_MALWARE Android/Triada.GY Checkin (mobile_malware.rules)
