[***]            Summary:            [***]

3 new Open, 22 new Pro (3 + 19). Win32/AgentTesla, Sifrelendi Ransomware, RuntimeB, and Various Phish

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029184 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2029185 - ET POLICY External IP Lookup - free .ipwhois .io  (policy.rules)
2029186 - ET TROJAN Win32/Unknown SMTP Checkin (trojan.rules)

Pro:

2840028 - ETPRO TROJAN Observed Malicious SSL Cert (CobInt CnC) (trojan.rules)
2840029 - ETPRO TROJAN Win32/Borr CnC Checkin (trojan.rules)
2840030 - ETPRO TROJAN Sifrelendi Ransomware Checkin via FTP (trojan.rules)
2840031 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2840032 - ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 (trojan.rules)
2840033 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-19 1) (trojan.rules)
2840034 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-19 2) (trojan.rules)
2840035 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2019-12-20 (current_events.rules)
2840036 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-20 (current_events.rules)
2840037 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-20 (current_events.rules)
2840038 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-12-20 (current_events.rules)
2840039 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-20 (current_events.rules)
2840040 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-20 (current_events.rules)
2840041 - ETPRO TROJAN RuntimeB CnC Initial Checkin (trojan.rules)
2840042 - ETPRO TROJAN RuntimeB CnC Heartbeat (trojan.rules)
2840043 - ETPRO TROJAN Win32.Unwaders.C CnC Activity (trojan.rules)
2840044 - ETPRO TROJAN Win32/Remcos RAT Checkin 286 (trojan.rules)
2840045 - ETPRO TROJAN Win32/Remcos RAT Checkin 287 (trojan.rules)
2840046 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)

[---]         Removed rules:         [---]

2024759 - ET WEB_SERVER Possible OptionsBleed (CVE-2017-9798) (web_server.rules)
