Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/11/20

[***]            Summary:            [***]

10 new Open, 25 new Pro (10 + 15).  Lemon_Duck, OSX/Nukesped, Remcos, Various Phish.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029005 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029006 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029007 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029008 - ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command Execution (web_server.rules)
2029009 - ET INFO Generic IOT Downloader Malware in POST (Outbound) (info.rules)
2029010 - ET INFO Generic IOT Downloader Malware in GET (Outbound) (info.rules)
2029011 - ET INFO Generic IOT Downloader Malware in POST (Inbound) (info.rules)
2029012 - ET INFO Generic IOT Downloader Malware in GET (Inbound) (info.rules)
2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
2029014 - ET TROJAN Lemon_Duck Powershell - RDP Credential Exfil (trojan.rules)

Pro:

2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
2839523 - ETPRO TROJAN Win32/Metamorfo Style CnC Activity (trojan.rules)
2839524 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI (trojan.rules)
2839525 - ETPRO MALWARE Win32/Weiduan.E Reporting System Information (malware.rules)
2839526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 1) (trojan.rules)
2839527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 2) (trojan.rules)
2839528 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-20 (current_events.rules)
2839529 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-20 (current_events.rules)
2839530 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
2839531 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
2839532 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-20 (current_events.rules)
2839533 - ETPRO TROJAN Lemon_Duck Powershell - Malware Checkin (trojan.rules)
2839534 - ETPRO TROJAN Lemon_Duck Powershell - Observed User-Agent (trojan.rules)
2839535 - ETPRO TROJAN Win32/Remcos RAT Checkin 254 (trojan.rules)
2839536 - ETPRO TROJAN Win32/Remcos RAT Checkin 255 (trojan.rules)

[///]     Modified active rules:     [///]

2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
2832502 - ETPRO CURRENT_EVENTS PowerShell Decoding Potential Stage 2 (current_events.rules)
2839245 - ETPRO CURRENT_EVENTS Successful Wayne State University Phish 2019-11-06 (current_events.rules)

Date:
Summary title:
10 new Open, 25 new Pro (10 + 15). Lemon_Duck, OSX/Nukesped, Remcos, Various Phish.