[***] Summary: [***]
6 new Open, 37 new Pro (6 Open + 31 Pro-only). Fallout EK, Win32/1xxbot, Various Mirai, Remcos, CoinMiners, Various Phishing.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028983 - ET USER_AGENTS Observed Suspicious UA (system_file/2.0) (user_agents.rules)
2028984 - ET TROJAN Win32/1xxbot CnC Checkin (trojan.rules)
2028985 - ET CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-15) (current_events.rules)
2028986 - ET TROJAN Observed Malicious SSL Cert (Sidewinder APT CnC) (trojan.rules)
2028987 - ET TROJAN Observed CobInt CnC Domain in TLS SNI (trojan.rules)
2028988 - ET TROJAN Observed CobInt CnC Domain in TLS SNI (trojan.rules)
Pro:
2839362 - ETPRO INFO Inbound Doc Containing WScript Shell (info.rules)
2839363 - ETPRO INFO Inbound Doc Containing WScript Network (info.rules)
2839365 - ETPRO INFO Inbound Doc Containing OS Shutdown Functionality (info.rules)
2839438 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.19 Checkin (mobile_malware.rules)
2839439 - ETPRO TROJAN Observed Mirai Variant UA (system_file/2.0) (trojan.rules)
2839440 - ETPRO TROJAN Observed DNS Query for MalDoc Payload Domain 2019-11-15 (trojan.rules)
2839441 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Domain (trojan.rules)
2839442 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
2839443 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
2839444 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
2839445 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Sub Domain (trojan.rules)
2839446 - ETPRO TROJAN Observed DNS Query to Known Queu Downloader Domain (trojan.rules)
2839447 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK) (trojan.rules)
2839448 - ETPRO CURRENT_EVENTS Fallout EK JS Landing (current_events.rules)
2839449 - ETPRO CURRENT_EVENTS Fallout EK Adobe Flash JS (current_events.rules)
2839450 - ETPRO CURRENT_EVENTS Fallout EK Powershell (current_events.rules)
2839451 - ETPRO CURRENT_EVENTS Fallout EK Payload (current_events.rules)
2839452 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-11-15 (current_events.rules)
2839453 - ETPRO MALWARE Mirai Variant Exploit Scanner User-Agent (malware.rules)
2839454 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 1) (trojan.rules)
2839455 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 2) (trojan.rules)
2839456 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-14 3) (trojan.rules)
2839457 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-15 (current_events.rules)
2839458 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-11-15 (current_events.rules)
2839459 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
2839460 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
2839461 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
2839462 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-11-15 (current_events.rules)
2839463 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-11-15 (current_events.rules)
2839464 - ETPRO CURRENT_EVENTS Successful Update Personal Information Phish 2019-11-15 (current_events.rules)
2839465 - ETPRO TROJAN Win32/Remcos RAT Checkin 249 (trojan.rules)
[///] Modified active rules: [///]
2028865 - ET CURRENT_EVENTS Spelevo VBS Payload Downloaded (current_events.rules)
2028866 - ET CURRENT_EVENTS Spelevo Download Payload Landing (current_events.rules)
2838994 - ETPRO CURRENT_EVENTS Spelevo VBS Cookie (current_events.rules)
[---] Removed rules: [---]
2837900 - ETPRO MOBILE_MALWARE Android Spy MoqHao CnC Beacon (mobile_malware.rules)
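Added example, not part of this ET notice and not Proofpoint/ET code: a small parser for the notice format above. It pulls the SIDs out of the Added / Modified / Removed sections, checks the Summary counts against what is actually listed, flags new rules that share an identical msg (2028987/2028988 and 2839459-2839461 above, which an alert pipeline that dedupes on msg alone would merge), and reports removed SIDs that a local SID list (for example the entries in a suricata-update disable.conf or enable.conf) still references. The NOTICE excerpt, the LOCAL_SIDS set and the 20xxxxx / 28xxxxx Open-vs-Pro SID range check are constructed or assumed for the example.

```python
"""Parse an Emerging Threats daily update notice and sanity-check it.

Added example; not part of the ET post and not Proofpoint/ET code. NOTICE is
a constructed excerpt in the same format as the post, LOCAL_SIDS a made-up
local SID list, and SID_RANGES an assumed convention.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# "[+++] Added rules: [+++]", "[///] Modified active rules: [///]", ...
SECTION_RE = re.compile(r'^\[(?:\*\*\*|\+\+\+|///|---)\] (.+?): \[')
# "2028984 - ET TROJAN Win32/1xxbot CnC Checkin (trojan.rules)"; the msg may
# contain parentheses itself, so the rule file is the LAST "(...rules)" group.
RULE_RE = re.compile(r'^(\d+) - (ET|ETPRO) ([A-Z_]+) (.*) \(([\w.-]+\.rules)\)$')
# "6 new Open, 37 new Pro (6 + 31)": Pro total = Open + Pro-only.
SUMMARY_RE = re.compile(r'(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)')
# Assumed convention: ET Open SIDs sit in 20xxxxx, ETPRO SIDs in 28xxxxx.
SID_RANGES = {'ET': range(2000000, 2100000), 'ETPRO': range(2800000, 2900000)}

# Constructed excerpt in the post's format (subset of the rules above).
NOTICE = """\
[***] Summary: [***]
2 new Open, 5 new Pro (2 + 3). Win32/1xxbot, Fallout EK, Various Phishing.
[+++] Added rules: [+++]
Open:
2028983 - ET USER_AGENTS Observed Suspicious UA (system_file/2.0) (user_agents.rules)
2028984 - ET TROJAN Win32/1xxbot CnC Checkin (trojan.rules)
Pro:
2839447 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK) (trojan.rules)
2839459 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
2839460 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15 (current_events.rules)
[///] Modified active rules: [///]
2028865 - ET CURRENT_EVENTS Spelevo VBS Payload Downloaded (current_events.rules)
[---] Removed rules: [---]
2837900 - ETPRO MOBILE_MALWARE Android Spy MoqHao CnC Beacon (mobile_malware.rules)
"""
# Constructed: SIDs referenced in a hypothetical local disable.conf/enable.conf.
LOCAL_SIDS = {2837900, 2028865, 2024001}


@dataclass(frozen=True)
class Rule:
    sid: int
    ruleset: str   # "ET" (Open) or "ETPRO"
    category: str  # e.g. TROJAN, CURRENT_EVENTS
    msg: str
    rulefile: str


def parse_notice(text):
    """Return {'summary': (open, pro_total, open, pro_only) or None,
    'added': [Rule], 'modified': [Rule], 'removed': [Rule]}."""
    out = {'summary': None, 'added': [], 'modified': [], 'removed': []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            word = sec.group(1).split()[0].lower()  # Added / Modified / Removed / Summary
            current = word if word in ('added', 'modified', 'removed') else None
            continue
        if out['summary'] is None:
            summ = SUMMARY_RE.search(line)
            if summ:
                out['summary'] = tuple(int(x) for x in summ.groups())
                continue
        rule = RULE_RE.match(line)
        if rule and current:  # "Open:" / "Pro:" sub-headings simply do not match
            sid, ruleset, cat, msg, rulefile = rule.groups()
            out[current].append(Rule(int(sid), ruleset, cat, msg, rulefile))
    return out


def check_summary(parsed):
    """Discrepancies between the Summary counts and the rules actually listed
    (an empty list means the notice is internally consistent)."""
    if parsed['summary'] is None:
        return ['no Summary count line found']
    n_open, n_pro_total, n_open2, n_pro_only = parsed['summary']
    added = parsed['added']
    got = {rs: sum(1 for r in added if r.ruleset == rs) for rs in ('ET', 'ETPRO')}
    problems = []
    if n_open != n_open2 or n_pro_total != n_open2 + n_pro_only:
        problems.append(f'summary arithmetic inconsistent: {parsed["summary"]}')
    if got['ET'] != n_open:
        problems.append(f'summary says {n_open} Open, {got["ET"]} ET rules listed')
    if got['ETPRO'] != n_pro_only:
        problems.append(f'summary says {n_pro_only} Pro-only, {got["ETPRO"]} ETPRO rules listed')
    for r in added:  # assumed SID-range convention, see SID_RANGES
        if r.sid not in SID_RANGES[r.ruleset]:
            problems.append(f'{r.sid} labelled {r.ruleset} but outside the assumed SID range')
    return problems


def duplicate_messages(parsed):
    """New rules sharing an identical msg, as {msg: [sids]}; alert pipelines
    that dedupe on msg alone would collapse these distinct signatures."""
    by_msg = defaultdict(list)
    for r in parsed['added']:
        by_msg[r.msg].append(r.sid)
    return {m: s for m, s in by_msg.items() if len(s) > 1}


def stale_local_sids(parsed, local_sids):
    """SIDs removed by this update that a local SID list still references."""
    return {r.sid for r in parsed['removed']} & set(local_sids)


if __name__ == '__main__':
    parsed = parse_notice(NOTICE)
    for sec in ('added', 'modified', 'removed'):
        print(sec, [r.sid for r in parsed[sec]])
    print('summary problems:', check_summary(parsed) or 'none')
    print('duplicate msgs:', duplicate_messages(parsed))
    print('stale local sids:', stale_local_sids(parsed, LOCAL_SIDS))
```

Feed it the body of an emerging-updates mail instead of NOTICE to diff a day's changes against what is deployed; a non-empty result from check_summary is worth a second look before trusting the counts, and stale_local_sids catches SID-keyed overrides that silently stop matching anything once ET retires a rule.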