[***]            Summary:            [***]

28 new Open, 46 new Pro (28 + 18). Dreambot CnC SSL Certs, BottleEK, AZORult v3.X, CrownAdPro CnC Activity, Cyborg Keylogger, Coinminers, Various Phish.

Thanks to: Travis Green (via @401TRG), @nao_sec, @ViriBack

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029116 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029117 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029118 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029119 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029120 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029130 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029131 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029132 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029133 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029134 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029135 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029121 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029122 - ET WEB_CLIENT BottleEK Landing (web_client.rules)
2029123 - ET WEB_CLIENT BottleEK Plugin Check JS (web_client.rules)
2029124 - ET CURRENT_EVENTS BottleEK Plugin Check Response (current_events.rules)
2029125 - ET WEB_CLIENT Suspicious VBS Encoding Observed in BottleEK (web_client.rules)
2029126 - ET WEB_CLIENT BottleEK Payload Request (web_client.rules)
2029127 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-12-12 (current_events.rules)
2029128 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
2029136 - ET TROJAN AZORult v3.3 Server Response M1 (trojan.rules)
2029137 - ET TROJAN AZORult v3.3 Server Response M2 (trojan.rules)
2029138 - ET TROJAN AZORult v3.3 Server Response M3 (trojan.rules)
2029139 - ET TROJAN AZORult v3.2 Server Response M1 (trojan.rules)
2029140 - ET TROJAN AZORult v3.2 Server Response M2 (trojan.rules)
2029141 - ET TROJAN AZORult v3.2 Server Response M3 (trojan.rules)
2029142 - ET TROJAN MalDoc Exfil (2019-12-12) (trojan.rules)
2029143 - ET TROJAN CrownAdPro CnC Activity M1 (trojan.rules)
2029144 - ET TROJAN DiamondFox HTTP Post CnC Checkin M3 (trojan.rules)

Pro:

2839876 - ETPRO TROJAN Win32/Cyborg Keylogger FTP STOR Command (trojan.rules)
2839877 - ETPRO TROJAN Win32/Cyborg Keylogger Data Exfil via FTP (trojan.rules)
2839878 - ETPRO TROJAN Win32/AgentTesla FTP STOR Command M2 (trojan.rules)
2839879 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2839881 - ETPRO TROJAN 404 Keylogger Exfil (trojan.rules)
2839886 - ETPRO TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
2839882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-11 1) (trojan.rules)
2839883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-11 2) (trojan.rules)
2839880 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (eaebe) (current_events.rules)
2839884 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-12-12 (current_events.rules)
2839885 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-12 (current_events.rules)
2839887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-12 (current_events.rules)
2839888 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-12 (current_events.rules)
2839889 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12 (current_events.rules)
2839890 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12 (current_events.rules)
2839891 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2019-12-12 (current_events.rules)
2839892 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-12 (current_events.rules)
2839893 - ETPRO TROJAN Win32/Remcos RAT Checkin 277 (trojan.rules)

[///]     Modified active rules:     [///]

2822801 - ETPRO TROJAN DiamondFox HTTP POST CnC Checkin M1 (trojan.rules)
2839790 - ETPRO INFO Windows BITS UA Retreiving EXE (info.rules)

[---]         Removed rules:         [---]

2839854 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC) (trojan.rules)

Date: 
Wednesday, December 11, 2019 - 22:00
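For anyone tracking these daily posts against a locally tuned rule set, the following is an added example (not an Emerging Threats or Proofpoint tool) that parses an update in the layout above into added/modified/removed SIDs and cross-checks the summary line. It assumes the conventions visible in this post: a summary of the form "N new Open, M new Pro (x + y)" where M counts the whole Pro feed (Open rules plus Pro-only rules), section headers marked [+++], [///] and [---], "Open:"/"Pro:" sub-headers, and entries of the form "SID - MSG (file)". The embedded sample is a constructed excerpt of this post with the counts adjusted to match it.

```python
"""Parse an Emerging Threats daily ruleset update and sanity-check its summary.

Added example; not ET's own code. Assumes the post layout shown above.
"""
import re

SECTION_RE = re.compile(r'^\[(\+\+\+|///|---)\]\s+(?:Added rules|Modified active rules|Removed rules):')
RULE_RE = re.compile(r'^(\d+)\s+-\s+(ET|ETPRO)\s+(.+?)\s+\(([\w.]+)\)$')
SUMMARY_RE = re.compile(r'(\d+) new Open, (\d+) new Pro \((\d+) \+ (\d+)\)')
SECTION_BY_MARKER = {"+++": "added", "///": "modified", "---": "removed"}


def parse_update(text):
    """Return {'added': {'Open': [...], 'Pro': [...]}, 'modified': [...], 'removed': [...]}.
    Each entry is a dict with sid (int), prefix ('ET' or 'ETPRO'), msg and file."""
    parsed = {"added": {"Open": [], "Pro": []}, "modified": [], "removed": []}
    section = feed = None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the stray indent some headers carry
        m = SECTION_RE.match(line)
        if m:
            section, feed = SECTION_BY_MARKER[m.group(1)], None
            continue
        if line in ("Open:", "Pro:"):
            feed = line[:-1]
            continue
        m = RULE_RE.match(line)
        if not (m and section):
            continue
        entry = {"sid": int(m.group(1)), "prefix": m.group(2), "msg": m.group(3), "file": m.group(4)}
        if section == "added":
            # Open rules also ship in Pro; the sub-header decides which list the post files them under.
            parsed["added"][feed or ("Pro" if entry["prefix"] == "ETPRO" else "Open")].append(entry)
        else:
            parsed[section].append(entry)
    return parsed


def check_update(text, parsed):
    """Cross-check the summary line against the parsed sections; return a list of problems."""
    problems = []
    n_open, n_pro_only = len(parsed["added"]["Open"]), len(parsed["added"]["Pro"])
    m = SUMMARY_RE.search(text)
    if m:
        open_claim, pro_total_claim, a, b = map(int, m.groups())
        # "M new Pro (x + y)" counts the whole Pro feed: Open rules plus Pro-only rules.
        if open_claim != n_open or a != n_open:
            problems.append(f"summary says {open_claim} Open, post lists {n_open}")
        if b != n_pro_only or pro_total_claim != n_open + n_pro_only:
            problems.append(f"summary says {pro_total_claim} Pro ({a} + {b}), post lists {n_open} + {n_pro_only}")
    else:
        problems.append("no summary line found")
    # Open entries should be prefixed 'ET', Pro-only entries 'ETPRO'.
    for feed, want in (("Open", "ET"), ("Pro", "ETPRO")):
        for e in parsed["added"][feed]:
            if e["prefix"] != want:
                problems.append(f"sid {e['sid']} listed under {feed} but prefixed {e['prefix']}")
    # A SID that is added and also modified/removed in the same update deserves a look.
    added_sids = {e["sid"] for lst in parsed["added"].values() for e in lst}
    for sec in ("modified", "removed"):
        for e in parsed[sec]:
            if e["sid"] in added_sids:
                problems.append(f"sid {e['sid']} both added and {sec}")
    return problems


def sids_by_change(parsed):
    """Flat SID lists, handy for diffing against a locally enabled rule set."""
    return {
        "added": sorted(e["sid"] for lst in parsed["added"].values() for e in lst),
        "modified": sorted(e["sid"] for e in parsed["modified"]),
        "removed": sorted(e["sid"] for e in parsed["removed"]),
    }


# Constructed excerpt in the layout of the post above (a few of its entries; counts adjusted to match).
SAMPLE_UPDATE = """\
[***]            Summary:            [***]
3 new Open, 5 new Pro (3 + 2). Dreambot CnC SSL Certs, BottleEK, Cyborg Keylogger.
[+++]          Added rules:          [+++]
Open:
2029116 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC) (trojan.rules)
2029122 - ET WEB_CLIENT BottleEK Landing (web_client.rules)
2029124 - ET CURRENT_EVENTS BottleEK Plugin Check Response (current_events.rules)
Pro:
2839876 - ETPRO TROJAN Win32/Cyborg Keylogger FTP STOR Command (trojan.rules)
2839877 - ETPRO TROJAN Win32/Cyborg Keylogger Data Exfil via FTP (trojan.rules)
[///]     Modified active rules:     [///]
2822801 - ETPRO TROJAN DiamondFox HTTP POST CnC Checkin M1 (trojan.rules)
 [---]         Removed rules:         [---]
2839854 - ETPRO TROJAN Observed Malicious SSL Cert (SDBbot CnC) (trojan.rules)
"""

if __name__ == "__main__":
    parsed = parse_update(SAMPLE_UPDATE)
    print(sids_by_change(parsed))
    print("problems:", check_update(SAMPLE_UPDATE, parsed) or "none")
```

Feed the full text of a post to parse_update and compare the "removed" and "modified" SIDs against the SIDs you have locally enabled or locally overridden; a removed SID that is still enabled locally, or a modified SID whose local override was written against the old rule body, is the usual thing to catch before the next rule-update run.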