[***] Summary: [***]
10 new Open, 25 new Pro (10 + 15). Lemon_Duck, OSX/Nukesped, Remcos, Various Phish.
Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029005 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029006 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029007 - ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC) (trojan.rules)
2029008 - ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command Execution (web_server.rules)
2029009 - ET INFO Generic IOT Downloader Malware in POST (Outbound) (info.rules)
2029010 - ET INFO Generic IOT Downloader Malware in GET (Outbound) (info.rules)
2029011 - ET INFO Generic IOT Downloader Malware in POST (Inbound) (info.rules)
2029012 - ET INFO Generic IOT Downloader Malware in GET (Inbound) (info.rules)
2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
2029014 - ET TROJAN Lemon_Duck Powershell - RDP Credential Exfil (trojan.rules)
Pro:
2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
2839523 - ETPRO TROJAN Win32/Metamorfo Style CnC Activity (trojan.rules)
2839524 - ETPRO TROJAN Observed Ursnif CnC Domain in TLS SNI (trojan.rules)
2839525 - ETPRO MALWARE Win32/Weiduan.E Reporting System Information (malware.rules)
2839526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 1) (trojan.rules)
2839527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-19 2) (trojan.rules)
2839528 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-20 (current_events.rules)
2839529 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-20 (current_events.rules)
2839530 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
2839531 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20 (current_events.rules)
2839532 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-20 (current_events.rules)
2839533 - ETPRO TROJAN Lemon_Duck Powershell - Malware Checkin (trojan.rules)
2839534 - ETPRO TROJAN Lemon_Duck Powershell - Observed User-Agent (trojan.rules)
2839535 - ETPRO TROJAN Win32/Remcos RAT Checkin 254 (trojan.rules)
2839536 - ETPRO TROJAN Win32/Remcos RAT Checkin 255 (trojan.rules)
[///] Modified active rules: [///]
2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (info.rules)
2832502 - ETPRO CURRENT_EVENTS PowerShell Decoding Potential Stage 2 (current_events.rules)
2839245 - ETPRO CURRENT_EVENTS Successful Wayne State University Phish 2019-11-06 (current_events.rules)