[***]            Summary:            [***]

3 new Open, 33 new Pro (3 + 30). Snatch Ransomware, JsOutProx, Various ELF/Mirai, Various SSL Certs, Coinminers, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029103 - ET TROJAN Win32/Snatch Ransomware - Encryption Started (trojan.rules)
2029104 - ET TROJAN Win32/Snatch Ransomware - Encryption Finished (trojan.rules)
2029105 - ET CURRENT_EVENTS Successful Generic Email Account Phish 2019-12-10 (current_events.rules)

Pro:

2839820 - ETPRO POLICY External Geo IP Lookup - addr .cx (policy.rules)
2839821 - ETPRO TROJAN Observed Malicious SSL Cert (FastLoader CnC) (trojan.rules)
2839822 - ETPRO CURRENT_EVENTS Successful Swedbank Phish 2019-12-10 (current_events.rules)
2839823 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 1) (trojan.rules)
2839824 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 2) (trojan.rules)
2839825 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 3) (trojan.rules)
2839826 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 4) (trojan.rules)
2839827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 5) (trojan.rules)
2839828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 6) (trojan.rules)
2839829 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 7) (trojan.rules)
2839830 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-09 8) (trojan.rules)
2839831 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-10 (current_events.rules)
2839832 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-10 (current_events.rules)
2839833 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10 (current_events.rules)
2839834 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10 (current_events.rules)
2839835 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10 (current_events.rules)
2839836 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839837 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839838 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839839 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839840 - ETPRO TROJAN Generic Downloader Activity with Suspicious User-Agent (64) (trojan.rules)
2839841 - ETPRO TROJAN Generic Downloader Activity with Suspicious User-Agent (32) (trojan.rules)
2839842 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC) (trojan.rules)
2839843 - ETPRO TROJAN Observed Malicious SSL Cert (Snowbot CnC) (trojan.rules)
2839844 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2839845 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839846 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839847 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2839848 - ETPRO TROJAN JsOutProx CnC Activity - Outbound (trojan.rules)
2839849 - ETPRO MALWARE JsOutProx CnC Activity - Inbound (malware.rules)

[///]     Modified active rules:     [///]

2804089 - ETPRO TROJAN User-Agent with Compatible Typo (trojan.rules)

[---]         Disabled rules:        [---]

2028883 - ET TROJAN APT 41 LOWKEY Backdoor - Ping Command Inbound (trojan.rules)

Date: 
Monday, December 9, 2019 - 22:00