[***] Summary: [***]
0 new Open, 22 new Pro (0 + 22). Android/Hiddad.AIX, Powershell.WC, Win32/Remcos, and Various Phish
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2840006 - ETPRO MOBILE_MALWARE Android/Hiddad.AIX CnC Beacon (mobile_malware.rules)
2840007 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-18 1) (trojan.rules)
2840008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-18 2) (trojan.rules)
2840009 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
2840010 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-12-19 (current_events.rules)
2840011 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-12-19 (current_events.rules)
2840012 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-19 (current_events.rules)
2840013 - ETPRO CURRENT_EVENTS Successful KBC Bank Phish 2019-12-19 (current_events.rules)
2840014 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
2840015 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
2840016 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-19 (current_events.rules)
2840017 - ETPRO TROJAN Powershell.WC CnC Initial Checkin (trojan.rules)
2840018 - ETPRO TROJAN Powershell.WC CnC - Heartbeat (trojan.rules)
2840019 - ETPRO TROJAN Powershell.WC CnC - Report (trojan.rules)
2840020 - ETPRO TROJAN Powershell.WC CnC - Upload (trojan.rules)
2840021 - ETPRO TROJAN Powershell.WC CnC Activity (trojan.rules)
2840022 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840023 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2840024 - ETPRO TROJAN Win32/Remcos RAT Checkin 284 (trojan.rules)
2840025 - ETPRO TROJAN Win32/Remcos RAT Checkin 285 (trojan.rules)
2840026 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2840027 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) 2019-12-19 (trojan.rules)
[///] Modified active rules: [///]
2008311 - ET SCAN Watchfire AppScan Web App Vulnerability Scanner (scan.rules)
2024991 - ET TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
2832577 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
2833514 - ETPRO TROJAN Win32/TinyNuke CnC Checkin M2 (trojan.rules)
[---] Removed rules: [---]
2811507 - ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 (current_events.rules)
2811829 - ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 T2 (current_events.rules)
2811871 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 09 M3 T3 (current_events.rules)
2811937 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 14 M3 T3 (current_events.rules)
2811987 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 15 M3 T3 (current_events.rules)