[***]            Summary:            [***]

1 new Open, 31 new Pro (1 + 30).  Cyborg, DustSquad, Remcos, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029052 - ET TROJAN Cyborg Ransomware - Downloading Desktop Background (trojan.rules)

Pro:

2839596 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-11-25) (trojan.rules)
2839597 - ETPRO TROJAN Malicious Request for .bin (trojan.rules)
2839598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 1) (trojan.rules)
2839599 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 2) (trojan.rules)
2839600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-22 3) (trojan.rules)
2839601 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (eccc8) (current_events.rules)
2839602 - ETPRO CURRENT_EVENTS Successful Plenty of Fish Phish 2019-11-25 (current_events.rules)
2839603 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-25 (current_events.rules)
2839604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-11-25 (current_events.rules)
2839605 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-25 (current_events.rules)
2839606 - ETPRO CURRENT_EVENTS Successful BECU Phish 2019-11-25 (current_events.rules)
2839607 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-11-25 (current_events.rules)
2839608 - ETPRO CURRENT_EVENTS Successful EMS High Speed Mail Phish 2019-11-25 (current_events.rules)
2839609 - ETPRO CURRENT_EVENTS Successful Generic Account Recovery Phish 2019-11-25 (current_events.rules)
2839610 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
2839611 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
2839612 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish 2019-11-25 (current_events.rules)
2839613 - ETPRO TROJAN DustSquad/Octopus CnC Initial Check M1 (trojan.rules)
2839614 - ETPRO TROJAN DustSquad/Octopus CnC Initial Check M2 (trojan.rules)
2839615 - ETPRO TROJAN DustSquad/Octopus CnC Initial Server Request M1 (trojan.rules)
2839616 - ETPRO TROJAN DustSquad/Octopus CnC Initial Server Request M2 (trojan.rules)
2839617 - ETPRO TROJAN DustSquad/Octopus CnC Host Checkin M2 (trojan.rules)
2839618 - ETPRO TROJAN DustSquad/Octopus CnC Host Checkin M1 (trojan.rules)
2839619 - ETPRO TROJAN DustSquad/Octopus CnC Download (trojan.rules)
2839620 - ETPRO TROJAN DustSquad/Octopus CnC Activity (trojan.rules)
2839621 - ETPRO POLICY Suspicious Request for .bin with Terse Headers (policy.rules)
2839622 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-11-25 2 Domain in TLS SNI (current_events.rules)
2839623 - ETPRO TROJAN Win32/Remcos RAT Checkin 259 (trojan.rules)
2839624 - ETPRO TROJAN Win32/Remcos RAT Checkin 260 (trojan.rules)
2839625 - ETPRO TROJAN Win32/Remcos RAT Checkin 261 (trojan.rules)

[///]     Modified active rules:     [///]

2825085 - ETPRO TROJAN Loda Logger Screenshot Request (trojan.rules)

Date: 
Sunday, November 24, 2019 - 22:00