[***]            Summary:            [***]

37 new Open, 64 new Pro (37 + 27).  ELF/Roboto, Ursnif, Dreambot, ServHelper, Various Phish.

Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029015 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029016 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029017 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029018 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029019 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029020 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029021 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029022 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029023 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029024 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029025 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029026 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
2029027 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029028 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029029 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029030 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029031 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029032 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029033 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029034 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029035 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029036 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029037 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029038 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029039 - ET TROJAN MuddyWater Payload - CnC Checkin (trojan.rules)
2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1 (trojan.rules)
2029041 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2 (trojan.rules)
2029042 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 1 (trojan.rules)
2029043 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 2 (trojan.rules)
2029044 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 3 (trojan.rules)
2029045 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 4 (trojan.rules)
2029046 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 5 (trojan.rules)
2029047 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2029048 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
2029049 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
2029050 - ET TROJAN Observed Malicious SSL Cert (Possible Godlua CnC) (trojan.rules)
2029051 - ET POLICY Observed SSL Cert (DoH Service) (policy.rules)

Pro:

2839539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 1) (trojan.rules)
2839540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 2) (trojan.rules)
2839541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 3) (trojan.rules)
2839542 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-11-21 (current_events.rules)
2839543 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-21 (current_events.rules)
2839544 - ETPRO CURRENT_EVENTS Successful Binance Phish 2019-11-21 (current_events.rules)
2839545 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
2839546 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
2839547 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
2839548 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-11-21 (current_events.rules)
2839549 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (aef4f) (current_events.rules)
2839550 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2839551 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2839552 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2839553 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839554 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839555 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
2839556 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839557 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839558 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839559 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839560 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839561 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839562 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
2839563 - ETPRO TROJAN Win32/AD.CoinLoader CnC Checkin (trojan.rules)
2839564 - ETPRO MALWARE Win32/ZetaGames.A Checkin (malware.rules)
2839571 - ETPRO TROJAN Win32/Remcos RAT Checkin 256 (trojan.rules)

[///]     Modified active rules:     [///]

2011588 - ET TROJAN Zeus Bot Connectivity Check (trojan.rules)
2017938 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 (trojan.rules)
2027120 - ET TROJAN ELF/Mirai Variant UA Inbound (Rift) (trojan.rules)
2027122 - ET TROJAN ELF/Mirai Variant UA Inbound (Tsunami) (trojan.rules)
2027124 - ET TROJAN ELF/Mirai Variant UA Inbound (Yowai) (trojan.rules)
2027126 - ET TROJAN ELF/Mirai Variant UA Inbound (Yakuza) (trojan.rules)
2027128 - ET TROJAN ELF/Mirai Variant UA Inbound (Hentai) (trojan.rules)
2027130 - ET TROJAN ELF/Mirai Variant UA Inbound (lessie) (trojan.rules)
2027132 - ET TROJAN ELF/Mirai Variant UA Inbound (Cakle) (trojan.rules)
2027134 - ET TROJAN ELF/Mirai Variant UA Inbound (Damien) (trojan.rules)
2027136 - ET TROJAN ELF/Mirai Variant UA Inbound (Solar) (trojan.rules)
2027138 - ET TROJAN ELF/Mirai Variant UA Inbound (muhstik) (trojan.rules)
2027140 - ET TROJAN ELF/Mirai Variant UA Inbound (Shaolin) (trojan.rules)
2028989 - ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne) (trojan.rules)
2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
2807685 - ETPRO TROJAN Win32/Meredrop CnC (OUTBOUND) (trojan.rules)
2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839240 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839468 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (ph0ne) (trojan.rules)
2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
2839514 - ETPRO TROJAN W32/Kanatara CnC Activity (trojan.rules)

[///]    Modified inactive rules:    [///]

2804953 - ETPRO TROJAN Hupigon.68562 Checkin (trojan.rules)

[---]         Disabled rules:        [---]

2007917 - ET TROJAN Dropper-497 (Yumato) Initial Checkin (trojan.rules)

Date: Wednesday, November 20, 2019 - 22:00