[***] Summary: [***]
13 new Open, 30 new Pro (13 + 17). PurpleFox EK, MomentumBot, CopperStealer, Remcos, CoinMiners, Various Phishing.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028970 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
2028971 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
2028972 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request M1 (current_events.rules)
2028973 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request M2 (current_events.rules)
2028974 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Landing (current_events.rules)
2028975 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Landing - Various Exploits (current_events.rules)
2028976 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)
2028977 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash HEAD Request (current_events.rules)
2028978 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash GET Request (current_events.rules)
2028979 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Landing Request (current_events.rules)
2028980 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Flash Request (current_events.rules)
2028981 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)
2028982 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload (current_events.rules)
Pro:
2839421 - ETPRO TROJAN ELF/MomentumBot IRC Checkin (trojan.rules)
2839422 - ETPRO TROJAN Win32/CopperStealer CnC Activity (trojan.rules)
2839423 - ETPRO CURRENT_EVENTS PurpleFox EK Framework Certificate Observed (current_events.rules)
2839424 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 1) (trojan.rules)
2839425 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 2) (trojan.rules)
2839426 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-13 3) (trojan.rules)
2839427 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-11-14 (current_events.rules)
2839428 - ETPRO CURRENT_EVENTS Successful University of Iowa Phish 2019-11-14 (current_events.rules)
2839429 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-14 (current_events.rules)
2839430 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-14 (current_events.rules)
2839431 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-11-14 (current_events.rules)
2839432 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2019-11-14 (current_events.rules)
2839433 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish 2019-11-14 (current_events.rules)
2839434 - ETPRO CURRENT_EVENTS Successful Skype Phish 2019-11-14 (current_events.rules)
2839435 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2839436 - ETPRO TROJAN Win32/Remcos RAT Checkin 247 (trojan.rules)
2839437 - ETPRO TROJAN Win32/Remcos RAT Checkin 248 (trojan.rules)
[///] Modified active rules: [///]
2832226 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.BK CnC Beacon