[***]            Summary:            [***]

3 new Open, 37 new Pro (3 + 34). Buran, Various SSL Certs, Win32/Snojan Variant, Remcos, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029100 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
2029102 - ET TROJAN Observed Malicious SSL Cert (MageCart) (trojan.rules)

Pro:

2839786 - ETPRO INFO Observed SSL Cert (Suspicious CN Value) (info.rules)
2839787 - ETPRO TROJAN Win32/Unk.Ransomware Retrieving External IP Address (trojan.rules)
2839788 - ETPRO USER_AGENTS Observed Suspicious UA (WebParser) (user_agents.rules)
2839789 - ETPRO POLICY External IP Lookup - 126 .net (policy.rules)
2839790 - ETPRO INFO Windows BITS UA Retreiving EXE (info.rules)
2839791 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2839792 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2839793 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC) (trojan.rules)
2839794 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2839795 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-12-09) (trojan.rules)
2839796 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
2839797 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-09 (current_events.rules)
2839798 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09 (current_events.rules)
2839799 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09 (current_events.rules)
2839800 - ETPRO INFO Suspicious Obfuscated Executable Downloaded from Paste.ee (info.rules)
2839801 - ETPRO INFO Suspicious Powershell Downloaded from Paste.ee (info.rules)
2839802 - ETPRO TROJAN Win32/Snojan Variant CnC Checkin (trojan.rules)
2839803 - ETPRO CURRENT_EVENTS Successful PKO Bank PL Phish 2019-12-09 (current_events.rules)
2839804 - ETPRO CURRENT_EVENTS Successful Gov TR TK Phish 2019-12-09 (current_events.rules)
2839805 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-09 (current_events.rules)
2839806 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-09 (current_events.rules)
2839807 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2019-12-09 (current_events.rules)
2839808 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-09 (current_events.rules)
2839809 - ETPRO CURRENT_EVENTS Successful Americanas Phish 2019-12-09 (current_events.rules)
2839810 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-09 (current_events.rules)
2839811 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2019-12-09 (current_events.rules)
2839812 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central Phish 2019-12-09 (current_events.rules)
2839813 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central OTP Phish 2019-12-09 (current_events.rules)
2839814 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2839815 - ETPRO TROJAN Win32/Trojan.GQJP-7779 CnC Activity M1 (trojan.rules)
2839816 - ETPRO TROJAN Win32/Trojan.GQJP-7779 CnC Activity M2 (trojan.rules)
2839817 - ETPRO TROJAN Win32/Snojan CnC Activity (trojan.rules)
2839818 - ETPRO TROJAN Win32/Remcos RAT Checkin 275 (trojan.rules)
2839819 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) 2019-12-09 (trojan.rules)

[///]     Modified active rules:     [///]

2001562 - ET INFO Suspected PUP/PUA User-Agent (OSSProxy) (info.rules)
2001564 - ET INFO PUP/PUA OSSProxy HTTP Header (info.rules)
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2807144 - ETPRO POLICY PUP DomainIQ (policy.rules)
2807178 - ETPRO POLICY PUP DomainIQ 2 (policy.rules)
2809705 - ETPRO POLICY PUP SilenceInstaller Checkin (policy.rules)
2812129 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP Checkin (policy.rules)
2812130 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP User-Agent (SpyHunter) (policy.rules)
2814542 - ETPRO POLICY WebBar PUA IP Lookup (policy.rules)
2821364 - ETPRO TROJAN Trojan.Win32.Agentb.jwp CnC Beacon (trojan.rules)
2835931 - ETPRO POLICY SuperAntiSpyware PUA/PUP Install Phone Home (policy.rules)
2839262 - ETPRO CURRENT_EVENTS Possible GreenFlash Sundown EK Flash Artifact (current_events.rules)

Date: 
Sunday, December 8, 2019 - 22:00