Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/11/18

[***]            Summary:            [***]

13 new Open, 36 new Pro (13 + 23).  Pipka, Mirai, Remcos RAT, Various Phish.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028989 - ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne) (trojan.rules)
2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2028992 - ET TROJAN SuperSocialat Plugin Backdoor Code Execution Attempt (trojan.rules)
2028993 - ET CURRENT_EVENTS Possible Pipka JS Skimmer CnC Request (current_events.rules)
2028994 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M1 (current_events.rules)
2028995 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M2 (current_events.rules)
2028996 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M3 (current_events.rules)
2028997 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M4 (current_events.rules)
2028998 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M5 (current_events.rules)
2028999 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M6 (current_events.rules)
2029000 - ET CURRENT_EVENTS Possible Pipka JS Skimmer - Skimmer Payload Observed M7 (current_events.rules)
2029001 - ET TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-11-18 (trojan.rules)

Pro:

2835192 - ETPRO INFO Suspicious Pomf Filesharing Domain in TLS SNI (info.rules)
2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent (trojan.rules)
2839466 - ETPRO TROJAN Observed DNS Query to Get2 Domain (trojan.rules)
2839467 - ETPRO TROJAN Observed DNS Query to Get2 Domain (trojan.rules)
2839468 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (ph0ne) (trojan.rules)
2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
2839470 - ETPRO TROJAN Win32/Agent Tesla SMTP Clipboard Exfil (trojan.rules)
2839471 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
2839472 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
2839473 - ETPRO TROJAN Mirai Variant User-Agent (trojan.rules)
2839474 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-15 1) (trojan.rules)
2839475 - ETPRO CURRENT_EVENTS Successful Microsoft VoiceNote Phish 2019-11-18 (current_events.rules)
2839476 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-11-18 (current_events.rules)
2839477 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-11-18 (current_events.rules)
2839478 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-11-18 (current_events.rules)
2839479 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-11-18 (current_events.rules)
2839480 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-18 (current_events.rules)
2839481 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-18 (current_events.rules)
2839482 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-11-18 (trojan.rules)
2839483 - ETPRO TROJAN Win32/Zpevdo.A CnC Activity (trojan.rules)
2839484 - ETPRO TROJAN Win32/Remcos RAT Checkin 250 (trojan.rules)
2839485 - ETPRO TROJAN Win32/Remcos RAT Checkin 251 (trojan.rules)
2839486 - ETPRO TROJAN Win32/Remcos RAT Checkin 252 (trojan.rules)

Date:
Summary title:
13 new Open, 36 new Pro (13 + 23). Pipka, Mirai, Remcos RAT, Various Phish.