[***] Summary: [***]
2 new Open, 20 new Pro (2 + 18). Ursnif, AZORult, IcedID TLS Certs, Remcos, Various CoinMiner, Various Phish.
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029098 - ET MALWARE PrivaZer Checkin (malware.rules)
2029099 - ET MALWARE Win32/GameHack.COG Variant CnC Activity (malware.rules)
Pro:
2839768 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-05 1) (trojan.rules)
2839769 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-05 2) (trojan.rules)
2839770 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-05 3) (trojan.rules)
2839771 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-05 4) (trojan.rules)
2839772 - ETPRO CURRENT_EVENTS Successful Paypal Manager Phish 2019-12-06 (current_events.rules)
2839773 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-06 (current_events.rules)
2839774 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-12-06 (current_events.rules)
2839775 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-12-06 (current_events.rules)
2839776 - ETPRO CURRENT_EVENTS Successful Generic Email Account Update Phish 2019-12-06 (current_events.rules)
2839777 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-06 (current_events.rules)
2839778 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-06 (current_events.rules)
2839779 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839780 - ETPRO TROJAN Win32/Unknown CnC Checkin (trojan.rules)
2839781 - ETPRO TROJAN Win32/TrojanDownloader.Zlob CnC Activity (trojan.rules)
2839782 - ETPRO TROJAN Win32/Remcos RAT Checkin 273 (trojan.rules)
2839783 - ETPRO TROJAN Win32/Remcos RAT Checkin 274 (trojan.rules)
2839784 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-12-05 (trojan.rules)
2839785 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) 2019-12-06 (trojan.rules)
[///] Modified active rules: [///]
2811175 - ETPRO TROJAN Luminosity Link RAT CnC Beacon Inbound (trojan.rules)
2839153 - ETPRO POLICY Suspicious Double Accept HTTP Header Value (policy.rules)
2839683 - ETPRO POLICY Inbound PowerShell Querying Processor Arch (policy.rules)