[***]            Summary:            [***]

18 new Open, 40 new Pro (18 + 22).  Emotet, Legion Loader, Magecart, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029059 - ET TROJAN Win32/Emotet CnC Activity (POST) M5 (trojan.rules)
2029060 - ET TROJAN Win32/Emotet CnC Activity (POST) M6 (trojan.rules)
2029061 - ET TROJAN Legion Loader Activity Observed (Mylegion666) (trojan.rules)
2029062 - ET TROJAN Legion Loader Activity Observed (YourUserAgent) (trojan.rules)
2029063 - ET TROJAN Legion Loader Activity Observed (salmonella-symptome) (trojan.rules)
2029064 - ET TROJAN Legion Loader Activity Observed (suspira) (trojan.rules)
2029065 - ET TROJAN Legion Loader Activity Observed (lilith) (trojan.rules)
2029066 - ET TROJAN Legion Loader Activity Observed (legion) (trojan.rules)
2029067 - ET TROJAN Legion Loader Activity Observed (the devil) (trojan.rules)
2029068 - ET TROJAN Legion Loader Activity Observed (trojan.rules)
2029069 - ET TROJAN Legion Loader Activity Observed (Amen) (trojan.rules)
2029070 - ET TROJAN Legion Loader Activity Observed (satan) (trojan.rules)
2029071 - ET TROJAN Legion Loader Activity Observed (neva-project) (trojan.rules)
2029072 - ET TROJAN SSL/TLS Certificate Observed (Magecart) (trojan.rules)
2029073 - ET WEB_CLIENT Possible Magecart Credit Card Information JS Script (web_client.rules)
2029074 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029075 - ET MALWARE Win32/Adware.Bang5mai.BB CnC Activity M1 (malware.rules)
2029076 - ET MALWARE Win32/Adware.Bang5mai.BB CnC Activity M2 (malware.rules)

Pro:

2839654 - ETPRO MOBILE_MALWARE Android/Agent.BNX Checkin (mobile_malware.rules)
2839655 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2839656 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-11-27) (current_events.rules)
2839657 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-26 1) (trojan.rules)
2839658 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-26 2) (trojan.rules)
2839659 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2019-11-27 (current_events.rules)
2839660 - ETPRO CURRENT_EVENTS Successful Minha BV Phish 2019-11-27 (current_events.rules)
2839661 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-11-27 (current_events.rules)
2839662 - ETPRO CURRENT_EVENTS Successful Microsoft OneCall Phish 2019-11-27 (current_events.rules)
2839663 - ETPRO CURRENT_EVENTS Successful 1&1 Hosting Phish 2019-11-27 (current_events.rules)
2839664 - ETPRO CURRENT_EVENTS Successful State Employees Credit Union Phish 2019-11-27 (current_events.rules)
2839665 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2019-11-27 (current_events.rules)
2839666 - ETPRO TROJAN Win32/Chapak Payload Request (trojan.rules)
2839667 - ETPRO TROJAN Win32/Chapak Initial Response (trojan.rules)
2839668 - ETPRO TROJAN Win32/Chapak Payload Downloaded (trojan.rules)
2839669 - ETPRO TROJAN HorseHours Powershell Request (trojan.rules)
2839670 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839671 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839672 - ETPRO TROJAN JS/Agent.AP CnC Activity - Sending Knock (trojan.rules)
2839673 - ETPRO TROJAN Win32/Remcos RAT Checkin 264 (trojan.rules)
2839674 - ETPRO TROJAN Win32/Remcos RAT Checkin 265 (trojan.rules)
2839675 - ETPRO TROJAN Win32/Remcos RAT Checkin 266 (trojan.rules)

[///]     Modified active rules:     [///]

2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)

Date: Tuesday, November 26, 2019 - 22:00