[***]            Summary:            [***]

6 new Open, 23 new Pro (6 + 17). Various User-Agents, Win32/IcedID, Remcos, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028957 - ET TROJAN Platinum APT - Titanium Payload CnC Checkin (x86) (trojan.rules)
2028958 - ET TROJAN Platinum APT - Titanium Payload CnC Checkin (x64) (trojan.rules)
2028959 - ET TROJAN Platinum APT Activity (trojan.rules)
2028960 - ET TROJAN Platinum APT - Titanium Hardcoded String Observed (trojan.rules)
2028961 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
2028962 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)

Pro:

2839344 - ETPRO POLICY CCleaner Update Agent User-Agent Observed (policy.rules)
2839349 - ETPRO POLICY External Geo IP Lookup - www. ip123 .pw (policy.rules)
2839350 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-11-11 (current_events.rules)
2839351 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-11-11 (current_events.rules)
2839352 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-11 (current_events.rules)
2839353 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-11-11 (current_events.rules)
2839354 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-11 (current_events.rules)
2839355 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-11 (current_events.rules)
2839356 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-11 (current_events.rules)
2839357 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-11 (current_events.rules)
2839358 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish 2019-11-11 (current_events.rules)
2839359 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-11-11 (current_events.rules)
2839360 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-11-11 (current_events.rules)
2839361 - ETPRO TROJAN Buran Ransomware Activity M3 (trojan.rules)
2839366 - ETPRO MALWARE Win32/MailRu.E Checkin (malware.rules)
2839367 - ETPRO TROJAN Win32/Remcos RAT Checkin 244 (trojan.rules)
2839368 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (2019-11-11) (trojan.rules)

[///]     Modified active rules:     [///]

2018302 - ET INFO Possible Phish - Mirrored Website Comment Observed (info.rules)
2018334 - ET INFO Possible Phish - Saved Website Comment Observed (info.rules)
2021128 - ET TROJAN Blue Bot DDoS Proxy Request (trojan.rules)
2022729 - ET INFO PhishMe.com Phishing Exercise - Client Plugins (info.rules)
2023139 - ET INFO Form Data Submitted to yolasite.com - Possible Phishing (info.rules)
2027353 - ET TROJAN MSIL/Almashreq CnC Checkin (trojan.rules)
2814850 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing (info.rules)
2820816 - ETPRO INFO Data Submitted to my-free.website - Possible Phishing (info.rules)
2820905 - ETPRO INFO Data Submitted to MyFreeSites.com - Possible Phishing (info.rules)
2821967 - ETPRO INFO Data Submitted to Webeden.co.uk - Possible Phishing (info.rules)
2821968 - ETPRO INFO Data Submitted to Weebly.com - Possible Phishing (info.rules)
2822038 - ETPRO INFO Suspicious Minimal HTTP Refresh to Googledrive.com - Possible Phishing (info.rules)
2838362 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-09-09 (current_events.rules)
2839092 - ETPRO CURRENT_EVENTS Successful Generic Verify Email Phish 2019-10-23 (current_events.rules)

Date: Sunday, November 10, 2019 - 22:00