[***] Summary: [***]
1 new Open, 26 new Pro (1 + 25). AgentTesla, Android/Gustuff, CoinMiners, Various Phish.
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029091 - ET EXPLOIT Observed Orange LiveBox Router Information Leakage Attempt (CVE-2018-20377) (exploit.rules)
Pro:
2839700 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Rootnik.k CnC Beacon (mobile_malware.rules)
2839701 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.RA Checkin (mobile_malware.rules)
2839702 - ETPRO MOBILE_MALWARE Android Gustuff Header (mobile_malware.rules)
2839703 - ETPRO INFO Observed GET for .txt with Minimal Headers (info.rules)
2839704 - ETPRO INFO Observed EXE with Content-Type Mismatch (text/plain) (info.rules)
2839705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-27 1) (trojan.rules)
2839706 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-27 2) (trojan.rules)
2839707 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 1) (trojan.rules)
2839708 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 2) (trojan.rules)
2839709 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 3) (trojan.rules)
2839710 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 4) (trojan.rules)
2839711 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 5) (trojan.rules)
2839712 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 6) (trojan.rules)
2839713 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-02 7) (trojan.rules)
2839714 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-03 (current_events.rules)
2839715 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-03 (current_events.rules)
2839716 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-03 (current_events.rules)
2839717 - ETPRO CURRENT_EVENTS Successful Adobe Reader Phish 2019-12-03 (current_events.rules)
2839718 - ETPRO CURRENT_EVENTS Successful Microsoft File Received Phish 2019-12-03 (current_events.rules)
2839719 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-03 (current_events.rules)
2839720 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03 (current_events.rules)
2839721 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03 (current_events.rules)
2839722 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-03 (current_events.rules)
2839723 - ETPRO TROJAN Win32/Agent Tesla SMTP Activity (trojan.rules)
2839724 - ETPRO TROJAN Win32/Delf.BBD Variant CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2833021 - ETPRO CURRENT_EVENTS Possible Trickbot MalDoc DL 2018-09-26 (set) (current_events.rules)
2836271 - ETPRO TROJAN Win32/QULAB Telegram Exfiltration via Proxy (trojan.rules)
2839684 - ETPRO TROJAN Buer Loader Response (trojan.rules)