[***]            Summary:            [***]

17 new Open, 48 new Pro (17 + 31).  TickGroup, Parallax, Various Android, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029015 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029016 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029017 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029018 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029019 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029020 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029021 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029022 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029023 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029024 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029025 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029026 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029092 - ET TROJAN TickGroup BROLER.F CnC Check-in (trojan.rules)
2029093 - ET TROJAN TickGroup ABK Backdoor CnC Check-in (trojan.rules)
2029094 - ET TROJAN Possible TickGroup Snack CnC Activity (trojan.rules)
2029095 - ET TROJAN Possible TickGroup Coolbee/Avenger CnC Activity (trojan.rules)
2029096 - ET TROJAN Possible TickGroup Casper CnC Activity (trojan.rules)

Pro:

2839515 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839516 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839517 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839518 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839519 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2839725 - ETPRO MOBILE_MALWARE Android/Hiddad.AHN Checkin (mobile_malware.rules)
2839726 - ETPRO MOBILE_MALWARE Riskware.Android.Irajah Reporting Device Info/App list (mobile_malware.rules)
2839727 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ASR Contact/Device Info Exfil (mobile_malware.rules)
2839728 - ETPRO MOBILE_MALWARE Android/Datacollector.A CnC Beacon (mobile_malware.rules)
2839729 - ETPRO MOBILE_MALWARE Riskware.Android.Gexin.fivxlh Reporting Device Info (mobile_malware.rules)
2839730 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.LZUS-5 CnC Beacon (mobile_malware.rules)
2839731 - ETPRO TROJAN HawkeyeReborn Keylogger SMTP Exfil (trojan.rules)
2839732 - ETPRO TROJAN Unk.MalDoc Payload CnC Checkin (trojan.rules)
2839733 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839734 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-03 1) (trojan.rules)
2839735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-03 2) (trojan.rules)
2839736 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-04 (current_events.rules)
2839737 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04 (current_events.rules)
2839738 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04 (current_events.rules)
2839739 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-12-04 (current_events.rules)
2839740 - ETPRO CURRENT_EVENTS Successful Adobe Secured PDF Phish 2019-12-04 (current_events.rules)
2839741 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-12-04 (current_events.rules)
2839742 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-04 (current_events.rules)
2839743 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-04 (current_events.rules)
2839744 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2019-12-04 (current_events.rules)
2839745 - ETPRO TROJAN Parallax CnC Activity M2 (set) (trojan.rules)
2839746 - ETPRO TROJAN Parallax CnC Response Activity M2 (trojan.rules)
2839747 - ETPRO TROJAN Parallax CnC Activity M3 (set) (trojan.rules)
2839748 - ETPRO TROJAN Parallax CnC Response Activity M3 (trojan.rules)
2839749 - ETPRO TROJAN Win32/Unk Stealer - FTP Exfil (trojan.rules)
2839750 - ETPRO TROJAN Win32/Remcos RAT Checkin 272 (trojan.rules)

[///]     Modified active rules:     [///]

2803810 - ETPRO TROJAN Win32/Unruy.R Checkin (trojan.rules)
2829849 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d Checkin (mobile_malware.rules)
2839262 - ETPRO CURRENT_EVENTS Possible GreenFlash Sundown EK Flash Artifact (current_events.rules)

Date: Tuesday, December 3, 2019 - 22:00