[***]            Summary:            [***]

2 new Open, 37 new Pro (2 + 35). Win32/BlackNET, ShivaGood Ransomware, Win32/Aspire, and Various Phish

Thanks @james_inthe_box

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029182 - ET TROJAN Observed Malicious SSL Cert (Sidewinder APT CnC) (trojan.rules)
2029183 - ET TROJAN Win32/MailerBot CnC Activity (trojan.rules)

Pro:

2839971 - ETPRO TROJAN Win32/njRAT Variant CnC Checkin (INF) (trojan.rules)
2839972 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (GPL) (trojan.rules)
2839973 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M1 (Outbound) (trojan.rules)
2839974 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M2 (Outbound) (trojan.rules)
2839975 - ETPRO TROJAN Win32/njRAT Variant CnC Response (IE) (trojan.rules)
2839976 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M1 (Inbound) (trojan.rules)
2839977 - ETPRO TROJAN Win32/njRAT Variant CnC Keep-Alive M2 (Inbound) (trojan.rules)
2839978 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (OpenPasswords) (trojan.rules)
2839979 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (PasswordsResult) (trojan.rules)
2839980 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE) (trojan.rules)
2839981 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE Logs) (trojan.rules)
2839982 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-17 1) (trojan.rules)
2839983 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-17 2) (trojan.rules)
2839984 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-17 3) (trojan.rules)
2839985 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-12-18 (current_events.rules)
2839986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-12-18 (current_events.rules)
2839987 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-18 (current_events.rules)
2839988 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-18 (current_events.rules)
2839989 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-12-18 (current_events.rules)
2839990 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-18 (current_events.rules)
2839991 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2019-12-18 (current_events.rules)
2839992 - ETPRO CURRENT_EVENTS Successful Square Phish 2019-12-18 (current_events.rules)
2839993 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-18 (current_events.rules)
2839994 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-18 (current_events.rules)
2839995 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-18 (current_events.rules)
2839996 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-12-18 (current_events.rules)
2839997 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18 (current_events.rules)
2839998 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18 (current_events.rules)
2839999 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-18 (current_events.rules)
2840000 - ETPRO TROJAN DiamondFox HTTP POSTing JPEG M2 (trojan.rules)
2840001 - ETPRO TROJAN DiamondFox HTTP POSTing PW (trojan.rules)
2840002 - ETPRO TROJAN DiamondFox HTTP GET CnC Activity (trojan.rules)
2840003 - ETPRO MALWARE Generic Clipper via User-Agent (malware.rules)
2840004 - ETPRO TROJAN Win32/Remcos RAT Checkin 282 (trojan.rules)
2840005 - ETPRO TROJAN Win32/Remcos RAT Checkin 283 (trojan.rules)

[///]     Modified active rules:     [///]

2029144 - ET TROJAN DiamondFox HTTP Post CnC Checkin M3 (trojan.rules)

[---]         Disabled rules:        [---]

2828314 - ETPRO TROJAN Magniber Ransomware Checkin 1 (trojan.rules)
2828315 - ETPRO TROJAN Magniber Ransomware Checkin 2 (trojan.rules)

Date: Tuesday, December 17, 2019 - 22:00