[***]            Summary:            [***]

5 new Open, 32 new Pro (5 + 27). OSX/Bundalore, Win32/AgentTesla, Zeropadypt/Limbo/Ouroboros Ransomware, Various SSL Certs, Coinminers, Various Phish.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at    https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029106 - ET MALWARE OSX/Bundalore Loader Activity (malware.rules)
2029107 - ET MALWARE Observed DNS Query to OSX/Bundalore Domain (malware.rules)
2029108 - ET TROJAN SSL/TLS Certificate Observed (Get2 CnC) (trojan.rules)
2029114 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query (trojan.rules)
2029115 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query (trojan.rules)

Pro:

2839849 - ETPRO TROJAN JsOutProx CnC Activity - Inbound (trojan.rules)
2839850 - ETPRO TROJAN Observed Malicious SSL Cert (PsiXBot CnC) (trojan.rules)
2839851 - ETPRO TROJAN Win32/AgentTesla FTP STOR Command (trojan.rules)
2839852 - ETPRO TROJAN Win32/AgentTesla Data Exfil via FTP (trojan.rules)
2839853 - ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP (trojan.rules)
2839854 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC) (trojan.rules)
2839855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-10 1) (trojan.rules)
2839856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-10 2) (trojan.rules)
2839857 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-11 (current_events.rules)
2839858 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2019-12-11 (current_events.rules)
2839859 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11 (current_events.rules)
2839860 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11 (current_events.rules)
2839861 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11 (current_events.rules)
2839862 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11 (current_events.rules)
2839863 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish 2019-12-11 (current_events.rules)
2839864 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish 2019-12-11 (current_events.rules)
2839865 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-11 (current_events.rules)
2839866 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-12-11 (current_events.rules)
2839867 - ETPRO CURRENT_EVENTS Successful My3  Phish 2019-12-11 (current_events.rules)
2839868 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-12-11 (current_events.rules)
2839869 - ETPRO CURRENT_EVENTS Successful Generic Multi-Email Phish 2019-12-11 (current_events.rules)
2839870 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-11 (current_events.rules)
2839871 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-11 (current_events.rules)
2839872 - ETPRO CURRENT_EVENTS Successful Clydesdale Bank Phish 2019-12-11 (current_events.rules)
2839873 - ETPRO TROJAN Zeropadypt/Limbo/Ouroboros Ransomware CnC Checkin M4 (trojan.rules)
2839874 - ETPRO TROJAN Win32/Remcos RAT Checkin 276 (trojan.rules)
2839875 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)

[///]     Modified active rules:     [///]

2009897 - ET TROJAN Possible Windows executable sent when remote host claims to send html content (trojan.rules)
2822492 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 07 2016 (current_events.rules)

Date: 
Tuesday, December 10, 2019 - 22:00