[***]            Summary:            [***]

8 new Open, 26 new Pro (8 + 18). Capesand EK, Ryuk, Satan Ransomware Variant, VARIOUS Phish.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028937 - ET CURRENT_EVENTS Capesand EK Landing (current_events.rules)
2028938 - ET CURRENT_EVENTS PluginDetect Observed - Possible EK Activity (current_events.rules)
2028939 - ET CURRENT_EVENTS Capesand EK Visitor Tracking (current_events.rules)
2028940 - ET CURRENT_EVENTS Possible MSFVenom Exploit via Browser (current_events.rules)
2028941 - ET CURRENT_EVENTS Powershell Download Command Observed within Flash File - Probable EK Activity (current_events.rules)
2028942 - ET P2P FFTorrent P2P Client User-Agent (FFTorrent/x.x.x) (p2p.rules)
2028943 - ET TROJAN Ryuk Wake-on-LAN Packet Observed (trojan.rules)
2028944 - ET TROJAN Observed Malicious SSL Cert (Turla CnC) (trojan.rules)

Pro:

2839224 - ETPRO CURRENT_EVENTS Successful Sparda Bank Phish 2019-11-05 (current_events.rules)
2839225 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2019-11-05 (current_events.rules)
2839226 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-05 (current_events.rules)
2839227 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-11-05 (current_events.rules)
2839228 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-11-05 (current_events.rules)
2839229 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-11-05 (current_events.rules)
2839230 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2019-11-05 (current_events.rules)
2839231 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-11-05 (current_events.rules)
2839232 - ETPRO CURRENT_EVENTS Successful Outlook  Phish 2019-11-05 (current_events.rules)
2839233 - ETPRO CURRENT_EVENTS Successful Generic Email Validation Phish 2019-11-05 (current_events.rules)
2839234 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish 2019-11-05 (current_events.rules)
2839235 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption Process Start (trojan.rules)
2839236 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption Bak Status (trojan.rules)
2839237 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware Encryption DB Status (trojan.rules)
2839238 - ETPRO TROJAN Blackmoon CnC Activity (trojan.rules)
2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839240 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-05) (trojan.rules)

[---]         Removed rules:         [---]

2028923 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)

Date: Monday, November 4, 2019 - 22:00