[***]            Summary:            [***]

6 new Open, 33 new Pro (6 + 27).  Beapy, FCScanner, SageRunex, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029053 - ET TROJAN SSL/TLS Certificate Observed (Various Crimeware) (trojan.rules)
2029054 - ET SCAN Zmap User-Agent (zgrab) (scan.rules)
2029055 - ET MALWARE Win32/Adware.Adposhel.A Checkin M6 (malware.rules)
2029056 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)
2029057 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)
2029058 - ET TROJAN Win32/Beapy CnC Domain in DNS Lookup (trojan.rules)

Pro:

2835191 - ETPRO INFO Suspicious Pomf Filesharing Domain in DNS Lookup (info.rules)
2839626 - ETPRO TROJAN Win32/SageRunex CnC Activity (trojan.rules)
2839627 - ETPRO TROJAN Observed Malicious SSL Cert (PoshAdvisor CnC) (trojan.rules)
2839628 - ETPRO TROJAN ELF/FCScanner CnC Checkin (trojan.rules)
2839629 - ETPRO TROJAN ELF/FCScanner CnC Response (trojan.rules)
2839630 - ETPRO TROJAN Observed Get2 CnC Domain in DNS Query (trojan.rules)
2839631 - ETPRO TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
2839632 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-11-26) (trojan.rules)
2839633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 1) (trojan.rules)
2839634 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 2) (trojan.rules)
2839635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 3) (trojan.rules)
2839636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-25 4) (trojan.rules)
2839637 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-11-26 (current_events.rules)
2839639 - ETPRO CURRENT_EVENTS Successful Pagseguro UOL Phish 2019-11-26 (current_events.rules)
2839640 - ETPRO CURRENT_EVENTS Successful Pagseguro UOL Phish 2019-11-26 (current_events.rules)
2839641 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-26 (current_events.rules)
2839642 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-26 (current_events.rules)
2839643 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-26 (current_events.rules)
2839644 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-11-26 (current_events.rules)
2839645 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839646 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839647 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839648 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839649 - ETPRO TROJAN Win32/Chapak Downloader Activity (trojan.rules)
2839651 - ETPRO TROJAN Win32/Remcos RAT Checkin 262 (trojan.rules)
2839652 - ETPRO TROJAN Win32/Remcos RAT Checkin 263 (trojan.rules)
2839653 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M3 (trojan.rules)

[---]         Removed rules:         [---]

2835191 - ETPRO TROJAN Orcus RAT Dropper Domain in DNS Lookup (trojan.rules)

Date: 
Monday, November 25, 2019 - 22:00