[***]            Summary:            [***]

3 new Open, 38 new Pro (3 + 35).  Ursnif, DonotGroup, Mirai, Various Phish.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029002 - ET TROJAN Win32/Agent Tesla SMTP Clipboard Exfil (trojan.rules)
2029003 - ET TROJAN SSL/TLS Certificate Observed (Wacatac.B) (trojan.rules)
2029004 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)

Pro:

2839488 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-19) (current_events.rules)
2839489 - ETPRO TROJAN ELF/Gafygt Variant CnC Server Response (trojan.rules)
2839490 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M1 (trojan.rules)
2839491 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M2 (trojan.rules)
2839492 - ETPRO TROJAN ELF/Gafygt Variant CnC Checkin M3 (trojan.rules)
2839493 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839494 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839495 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2839496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 1) (trojan.rules)
2839497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 2) (trojan.rules)
2839498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 3) (trojan.rules)
2839499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 4) (trojan.rules)
2839500 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 5) (trojan.rules)
2839501 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 6) (trojan.rules)
2839502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 7) (trojan.rules)
2839503 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 8) (trojan.rules)
2839504 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-18 9) (trojan.rules)
2839505 - ETPRO CURRENT_EVENTS Successful Microsoft Onedrive Phish 2019-11-19 (current_events.rules)
2839506 - ETPRO CURRENT_EVENTS Successful American Express Phish 2019-11-19 (current_events.rules)
2839507 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-19 (current_events.rules)
2839508 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-11-19 (current_events.rules)
2839509 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-11-19 (current_events.rules)
2839510 - ETPRO CURRENT_EVENTS Successful Generic Account Update Phish 2019-11-19 (current_events.rules)
2839511 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish 2019-11-19 (current_events.rules)
2839512 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish 2019-11-19 (current_events.rules)
2839513 - ETPRO TROJAN Win32/Erjan Loader CnC Activity (trojan.rules)
2839514 - ETPRO TROJAN W32/Kanatara CnC Activity (trojan.rules)
2839515 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2839516 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2839517 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2839518 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2839519 - ETPRO TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2839520 - ETPRO TROJAN DonotGroup YTY 2.0 URI Observed (trojan.rules)
2839521 - ETPRO TROJAN DonotGroup YTY 2.0 CnC Checkin (trojan.rules)
2839522 - ETPRO TROJAN Win32/Remcos RAT Checkin 253 (trojan.rules)

[///]     Modified active rules:     [///]

2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent (Outbound) (trojan.rules)
2839471 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2839473 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)

Date: 
Monday, November 18, 2019 - 22:00