[***]            Summary:            [***]

4 new Open, 36 new Pro (4 + 32). DADJOKE/Rail Tycoon, Ursnif, VNCStartServer, Wacatac, Various Phishing.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2009545 - ET USER_AGENTS User-Agent (_TEST_) (user_agents.rules)
2028963 - ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution (trojan.rules)
2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)

Pro:

2839364 - ETPRO POLICY Inbound Doc Dropping Suspect Filetype (exe/dll/vbs/bat) to Persistence Registry Location (policy.rules)
2839369 - ETPRO TROJAN Win32/Snojan Variant Uploading EXE (trojan.rules)
2839370 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
2839372 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839373 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 1) (trojan.rules)
2839375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 2) (trojan.rules)
2839376 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 3) (trojan.rules)
2839377 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 4) (trojan.rules)
2839378 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-11 5) (trojan.rules)
2839379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
2839380 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
2839381 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
2839382 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
2839383 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish 2019-11-12 (current_events.rules)
2839384 - ETPRO CURRENT_EVENTS Successful Prima Banka Phish 2019-11-12 (current_events.rules)
2839385 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-12 (current_events.rules)
2839386 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-12 (current_events.rules)
2839387 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-12 (current_events.rules)
2839388 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2019-11-12 (current_events.rules)
2839389 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-12 (current_events.rules)
2839390 - ETPRO CURRENT_EVENTS Successful Commbank Phish 2019-11-12 (current_events.rules)
2839391 - ETPRO CURRENT_EVENTS Successful Instagram TK Phish 2019-11-12 (current_events.rules)
2839392 - ETPRO TROJAN VNCStartServer USR Variant CnC Beacon (trojan.rules)
2839393 - ETPRO TROJAN VNCStartServer BOT Variant CnC Beacon (trojan.rules)
2839395 - ETPRO TROJAN Win32/Wacatac.B Variant Update Request (trojan.rules)
2839396 - ETPRO TROJAN Win32/Wacatac.B Variant Download Request (trojan.rules)
2839397 - ETPRO TROJAN Win32/Wacatac.B Variant Response (trojan.rules)
2839398 - ETPRO TROJAN Win32/Wacatac.B Variant Successful Payload Download (trojan.rules)
2839399 - ETPRO TROJAN MSIL/Gen.Downloader - CnC Checkin via MySQL (trojan.rules)
2839400 - ETPRO TROJAN MSIL/Gen.Downloader Receiving Hex Encoded Payload List M1 (trojan.rules)
2839401 - ETPRO TROJAN MSIL/Gen.Downloader Receiving Hex Encoded Payload List M2 (trojan.rules)

[///]     Modified active rules:     [///]

2027325 - ET TROJAN CobaltStrike SMB P2P Default Msagent Named Pipe Interaction (trojan.rules)

Date: 
Monday, November 11, 2019 - 22:00