[***] Summary: [***]
8 new Open, 23 new Pro (8 + 15). Cobalt Strike Malleable Profiles,
W32/Codiby.oow, LuciferHTTP Botnet, Various Phishing.
Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
[+++] Added rules: [+++]
Open:
2029740 - ET TROJAN Cobalt Strike Malleable C2 (Havex APT) (trojan.rules)
2029741 - ET TROJAN Cobalt Strike Malleable C2 (Magnitude EK)
(trojan.rules)
2029742 - ET TROJAN Cobalt Strike Malleable C2 (Meterpreter)
(trojan.rules)
2029743 - ET TROJAN Cobalt Strike Malleable C2 (OneDrive) (trojan.rules)
2029744 - ET TROJAN Cobalt Strike Malleable C2 (Adobe RTMP) (trojan.rules)
2029745 - ET POLICY File Downloaded via ge.tt Filesharing Service
(policy.rules)
2029746 - ET POLICY File Uploaded to ge.tt Filesharing Service
(policy.rules)
2029747 - ET CURRENT_EVENTS Successful Airbnb COVID-19 Phish 2020-03-26
(current_events.rules)
Pro:
2815658 - ETPRO MALWARE W32/Codiby.oow WebToolbar (malware.rules)
2841719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-26 1) (trojan.rules)
2841720 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26
(current_events.rules)
2841721 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26
(current_events.rules)
2841722 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-26
(current_events.rules)
2841723 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-03-26
(current_events.rules)
2841724 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-26
(current_events.rules)
2841725 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-26
(current_events.rules)
2841726 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
2020-03-26 (current_events.rules)
2841727 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-26
(current_events.rules)
2841728 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-26
(current_events.rules)
2841730 - ETPRO TROJAN MSIL/Agent.TNL Variant CnC Checkin (trojan.rules)
2841731 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-03-26
(current_events.rules)
2841732 - ETPRO TROJAN LuciferHTTP Botnet CnC - Uploading File
(trojan.rules)
2841733 - ETPRO TROJAN LuciferHTTP Botnet CnC - Uploading Screenshot
(trojan.rules)
[///] Modified active rules: [///]
2022127 - ET TROJAN MegalodonHTTP/LuciferHTTP Client Action (trojan.rules)
2804182 - ETPRO TROJAN Win32/Kryptik.WPE DDoS Bot Checkin (trojan.rules)
2804246 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php SELECT (web_specific_apps.rules)
2804247 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php UNION SELECT (web_specific_apps.rules)
2804248 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php INSERT (web_specific_apps.rules)
2804249 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php DELETE (web_specific_apps.rules)
2804250 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php ASCII (web_specific_apps.rules)
2804251 - ETPRO WEB_SPECIFIC_APPS SugarCRM SQL Injection Attempt --
index.php UPDATE (web_specific_apps.rules)
2804668 - ETPRO WEB_SPECIFIC_APPS CISCO CiscoWorks Directory Traversal
(web_specific_apps.rules)
2809367 - ETPRO TROJAN Rovnix Variant Checkin (trojan.rules)
2809395 - ETPRO WEB_SPECIFIC_APPS Obsecure360 SQLi Attempt
(web_specific_apps.rules)
2809466 - ETPRO WEB_SPECIFIC_APPS Pandora FMS Authentication Bypass
Attempt (web_specific_apps.rules)
2809485 - ETPRO TROJAN Blitz CMS Community SQLi Request (trojan.rules)
2809519 - ETPRO WEB_SPECIFIC_APPS WP PhotoGallery Plugin SQLi Attempt
(web_specific_apps.rules)
2809566 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS SQLi Attempt
(web_specific_apps.rules)
2810167 - ETPRO WEB_SPECIFIC_APPS Joomla ECommerce-WD Plugin SQLi Attempt
(web_specific_apps.rules)
2810276 - ETPRO TROJAN AZORult CnC Beacon M1 (trojan.rules)
2810814 - ETPRO TROJAN Win32/Zlader.H Checkin (trojan.rules)
2814888 - ETPRO TROJAN Banload.WRI Requesting Zip Archive (trojan.rules)
2815614 - ETPRO TROJAN APT.T9000 Requesting Payload M1 (trojan.rules)
2815647 - ETPRO MALWARE PUP.SimplyInstaller Checkin (malware.rules)
2815835 - ETPRO TROJAN Derusbi Variant CnC Beacon (trojan.rules)
2825293 - ETPRO TROJAN StoneDrill CnC Server Selection Request
(trojan.rules)
2825309 - ETPRO TROJAN Win32.Emdivi CnC Beacon (trojan.rules)
2825460 - ETPRO MOBILE_MALWARE Android.Adware.Iadpush.C Checkin
(mobile_malware.rules)
2825577 - ETPRO TROJAN MSIL/Unk.DDoS Bot CnC Checkin (trojan.rules)
2825675 - ETPRO TROJAN Win32/HappyDayzz Ransomware CnC Checkin
(trojan.rules)
2825679 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.k CnC Beacon
(mobile_malware.rules)
2825704 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT Checkin
(mobile_malware.rules)
2825766 - ETPRO TROJAN LokiBot Checkin M2 (trojan.rules)
2827189 - ETPRO TROJAN MSIL/TeslaWare Ransomware Requesting Image
(trojan.rules)
2827241 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck Contact
Exfil (mobile_malware.rules)
2827242 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.jck CnC
Beacon (mobile_malware.rules)
2827291 - ETPRO MOBILE_MALWARE Android Unknown Trojan CnC Beacon
(mobile_malware.rules)
[---] Disabled and modified rules: [---]
2810169 - ETPRO TROJAN Win32/TrojanDownloader.Blocrypt Conn Check
(trojan.rules)
2810409 - ETPRO POLICY ge.tt file download (policy.rules)
2812428 - ETPRO MOBILE_MALWARE Android-Trojan/Infostealer.da87 Checkin
(mobile_malware.rules)
2825698 - ETPRO TROJAN MSIL/Downloader Downloading NetwireRAT
(trojan.rules)
[---] Disabled rules: [---]
2803272 - ETPRO TROJAN W32/Koobface.hcy Checkin (trojan.rules)
2805879 - ETPRO TROJAN W32/Koobface.hcy CnC response (trojan.rules)
2809703 - ETPRO TROJAN INFOSTEALER.LIMITAIL Checkin (trojan.rules)
2812528 - ETPRO TROJAN Win32/Misdat.A CnC Checkin (trojan.rules)
2812540 - ETPRO TROJAN Win32/Setaclod.A Checkin (trojan.rules)
2827264 - ETPRO TROJAN MSIL/CoinMiner.WS Variant CnC Checkin
(trojan.rules)
[---] Removed rules: [---]
2815658 - ETPRO TROJAN W32.Unknown Checkin (trojan.rules)