[***] Summary: [***]
27 new Open, 64 new Pro (27 + 37). Cyborg Keylogger, Win32/Tdata Stealer, Various Exploits, ELF/Mirai UA and Phish
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029151 - ET TROJAN Observed DNS Query for APT40 Possible DADSTACHE CnC Domain (trojan.rules)
2029152 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Outbound) (exploit.rules)
2029153 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Inbound) (exploit.rules)
2029154 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Outbound) (exploit.rules)
2029155 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Inbound) (exploit.rules)
2029156 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE (Outbound) (exploit.rules)
2029157 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE (Inbound) (exploit.rules)
2029158 - ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Outbound) (exploit.rules)
2029159 - ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Inbound) (exploit.rules)
2029160 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers v3.2.1 (Outbound) (exploit.rules)
2029161 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers v3.2.1 (Inbound) (exploit.rules)
2029162 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Outbound) (exploit.rules)
2029163 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Inbound) (exploit.rules)
2029164 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Outbound) (exploit.rules)
2029165 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Inbound) (exploit.rules)
2029166 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Outbound) (exploit.rules)
2029167 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Inbound) (exploit.rules)
2029168 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE (Outbound) (exploit.rules)
2029169 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE (Inbound) (exploit.rules)
2029170 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Outbound) (exploit.rules)
2029171 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Inbound) (exploit.rules)
2029172 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound) (exploit.rules)
2029173 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound) (exploit.rules)
2029174 - ET EXPLOIT CCBill Online Payment Systems RCE (Outbound) (exploit.rules)
2029175 - ET EXPLOIT CCBill Online Payment Systems RCE (Inbound) (exploit.rules)
2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
Pro:
2839917 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.ZUGE-6 Checkin (mobile_malware.rules)
2839918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (1001frivjuegos .info in TLS SNI) (mobile_malware.rules)
2839919 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (owbe .com in TLS SNI) (mobile_malware.rules)
2839920 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (dailymahjonggames .com in TLS SNI) (mobile_malware.rules)
2839921 - ETPRO TROJAN Cyborg Keylogger Checkin via FTP (trojan.rules)
2839922 - ETPRO TROJAN Cyborg Keylogger FTP STOR Command (trojan.rules)
2839923 - ETPRO TROJAN Win32/Tdata Stealer CnC Checkin (trojan.rules)
2839924 - ETPRO TROJAN Win32/Tdata Stealer FTP STOR Command (trojan.rules)
2839925 - ETPRO TROJAN Banload Variant Request (trojan.rules)
2839926 - ETPRO TROJAN Banload Variant Credential Theft (trojan.rules)
2839927 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
2839928 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-13 1) (trojan.rules)
2839929 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-13 2) (trojan.rules)
2839930 - ETPRO CURRENT_EVENTS Successful Generic Fix Email Account Phish 2019-12-16 (current_events.rules)
2839931 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-16 (current_events.rules)
2839932 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-16 (current_events.rules)
2839933 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
2839934 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
2839935 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-16 (current_events.rules)
2839936 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-16 (current_events.rules)
2839937 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2019-12-16 (current_events.rules)
2839938 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-16 (current_events.rules)
2839939 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839940 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839941 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839942 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839943 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839944 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839945 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2839946 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839947 - ETPRO TROJAN Cliper Stealer UA (trojan.rules)
2839948 - ETPRO TROJAN Win32/Agima.o CnC Activity (trojan.rules)
2839949 - ETPRO MALWARE Bandook v0.5FM TCP CnC Beacon (malware.rules)
2839950 - ETPRO TROJAN Win32/Remcos RAT Checkin 278 (trojan.rules)
2839951 - ETPRO TROJAN Win32/Remcos RAT Checkin 279 (trojan.rules)
2839952 - ETPRO TROJAN Win32/Remcos RAT Checkin 280 (trojan.rules)
2839953 - ETPRO TROJAN Win32/Remcos RAT Checkin 281 (trojan.rules)