Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/11/08

[***]            Summary:            [***]

2 new Open, 42 new Pro (2 + 40).  Various User-Agents, Win32/IcedID, Remcos, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028955 - ET TROJAN Win32/IcedID WebSocket Request M2 (trojan.rules)
2028956 - ET TROJAN Observed AHK Downloader Request Structure (trojan.rules)

Pro:

2839309 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-07 1) (trojan.rules)
2839310 - ETPRO CURRENT_EVENTS Successful Mercado Livre Phish 2019-11-08 (current_events.rules)
2839311 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08 (current_events.rules)
2839312 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08 (current_events.rules)
2839313 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-11-08 (current_events.rules)
2839314 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-08 (current_events.rules)
2839315 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish 2019-11-08 (current_events.rules)
2839316 - ETPRO CURRENT_EVENTS Successful Bankia Phish 2019-11-08 (current_events.rules)
2839317 - ETPRO CURRENT_EVENTS Successful Espace Phish 2019-11-08 (current_events.rules)
2839318 - ETPRO CURRENT_EVENTS Successful Webmail Mini Phish 2019-11-08 (current_events.rules)
2839319 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-08 (current_events.rules)
2839320 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2019-11-08 (current_events.rules)
2839321 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-08 (current_events.rules)
2839322 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Online Phish 2019-11-08 (current_events.rules)
2839323 - ETPRO CURRENT_EVENTS Successful Generic View Product Sample Phish 2019-11-08 (current_events.rules)
2839324 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2019-11-08 (current_events.rules)
2839325 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2019-11-08 (current_events.rules)
2839326 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit Union Phish 2019-11-08 (current_events.rules)
2839327 - ETPRO USER_AGENTS Suspicious HTTP/1. User-Agent Observed (user_agents.rules)
2839328 - ETPRO USER_AGENTS Suspicious XXXX User-Agent Observed (user_agents.rules)
2839329 - ETPRO USER_AGENTS Suspicious IP User-Agent Observed (user_agents.rules)
2839330 - ETPRO USER_AGENTS Suspicious AutoIt3Script User-Agent Observed (user_agents.rules)
2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed (info.rules)
2839332 - ETPRO MALWARE iolo Download Manager User-Agent Observed (malware.rules)
2839333 - ETPRO MALWARE Appcelerator Titanium User-Agent Observed (malware.rules)
2839334 - ETPRO MALWARE Installer Doctor User-Agent Observed (malware.rules)
2839335 - ETPRO MALWARE Install Machine User-Agent Observed (malware.rules)
2839336 - ETPRO MALWARE WidgiToolbar User-Agent Observed (malware.rules)
2839337 - ETPRO MALWARE DriverUpdate Installer User-Agent Observed (malware.rules)
2839338 - ETPRO MALWARE Weather Buddy User-Agent Observed (malware.rules)
2839339 - ETPRO MALWARE AnVir Task Manager Free User-Agent Observed (malware.rules)
2839340 - ETPRO MALWARE SlimCleaner Plus Installer User-Agent Observed (malware.rules)
2839341 - ETPRO MALWARE AccelPCPro User-Agent Observed (malware.rules)
2839342 - ETPRO MALWARE RunBooster-Updater User-Agent Observed (malware.rules)
2839343 - ETPRO MALWARE InnoDownloadPlugin User-Agent Observed (malware.rules)
2839344 - ETPRO MALWARE CCleaner Update Agent User-Agent Observed (malware.rules)
2839345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-08 1) (trojan.rules)
2839346 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-08 2) (trojan.rules)
2839347 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-08 3) (trojan.rules)
2839348 - ETPRO TROJAN Win32/Remcos RAT Checkin 243 (trojan.rules)

[---]         Removed rules:         [---]

2028943 - ET TROJAN Ryuk Wake-on-LAN Packet Observed (trojan.rules)

Date:
Summary title:
2 new Open, 42 new Pro (2 + 40). Various User-Agents, Win32/IcedID, Remcos, Various Phishing.