Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/03/30

[***]            Summary:            [***]

15 new Open, 45 new Pro (15 + 30). Various Possible COVID-19 Based
Phish/Scam, Telerik UI CVE-2019-18935, Android/Lightspy, Nanocore, Various
User-Agents, VARIOUS PHISHING.

Suricata 2/3 Support from Emerging Threats will be become End-Of-Life on
April 15th, 2020.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

[+++]          Added rules:          [+++]

Open:

  2029751 - ET TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
  2029752 - ET USER_AGENTS Observed Suspicious UA (Http-connect)
(user_agents.rules)
  2029753 - ET HUNTING Suspicious GET Request with Possible COVID-19 URI M1
(hunting.rules)
  2029754 - ET INFO Suspicious GET Request with Possible COVID-19 URI M2
(info.rules)
  2029755 - ET INFO Suspicious POST Request with Possible COVID-19 URI M1
(info.rules)
  2029756 - ET INFO Suspicious POST Request with Possible COVID-19 URI M2
(info.rules)
  2029757 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M1
(current_events.rules)
  2029758 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M2
(current_events.rules)
  2029759 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2029760 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2029761 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload
Attempt M1 (exploit.rules)
  2029762 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload
Attempt M2 (exploit.rules)
  2029763 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2029764 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2029765 - ET MOBILE_MALWARE Android Lightspy Implant CnC
(mobile_malware.rules)

Pro:

  2841748 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus Checkin
(mobile_malware.rules)
  2841749 - ETPRO MOBILE_MALWARE Android/Triada.JH Checkin
(mobile_malware.rules)
  2841750 - ETPRO TROJAN Observed Malicious User-Agent (POWERDOOD)
(trojan.rules)
  2841751 - ETPRO TROJAN Win32/NixBot Checkin via IRC (trojan.rules)
  2841752 - ETPRO TROJAN Possible MalDoc/Loader Retrieving dll
(trojan.rules)
  2841753 - ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)
(trojan.rules)
  2841754 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2841755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-27 1) (trojan.rules)
  2841756 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-27 2) (trojan.rules)
  2841757 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-29
(current_events.rules)
  2841758 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-03-29
(current_events.rules)
  2841759 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-29 (current_events.rules)
  2841760 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-29
(current_events.rules)
  2841761 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-29
(current_events.rules)
  2841762 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
2020-03-29 (current_events.rules)
  2841763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-30 1) (trojan.rules)
  2841764 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-30 2) (trojan.rules)
  2841765 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-30 3) (trojan.rules)
  2841766 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-03-30
(current_events.rules)
  2841767 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish
2020-03-30 (current_events.rules)
  2841768 - ETPRO CURRENT_EVENTS Successful Generic Webmail Settings Phish
2020-03-30 (current_events.rules)
  2841769 - ETPRO CURRENT_EVENTS Successful Generic TR Bank Phish
2020-03-30 (current_events.rules)
  2841770 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-30
(current_events.rules)
  2841771 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-30
(current_events.rules)
  2841772 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-30
(current_events.rules)
  2841773 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2020-03-30
(current_events.rules)
  2841774 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M1 (trojan.rules)
  2841775 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M2 (trojan.rules)
  2841776 - ETPRO CURRENT_EVENTS Successful Canada Tax Return Phish
2020-03-30 (current_events.rules)
  2841777 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-30
(current_events.rules)

[///]     Modified active rules:     [///]

  2804834 - ETPRO MALWARE Installmate Installer Checkin (malware.rules)
  2805068 - ETPRO TROJAN Backdoor.Win32.Poison Checkin (trojan.rules)
  2806286 - ETPRO MALWARE Spyware/Win32.KeyMatch Checkin (malware.rules)
  2806685 - ETPRO TROJAN Netdevil.1_5 reporting via ICQ WWW script
(trojan.rules)
  2806873 - ETPRO TROJAN Rogue.Win32/FakeRean Checkin 3 (trojan.rules)
  2808251 - ETPRO TROJAN Win32/Spy.Banker.AAYY CnC (OUTBOUND) (trojan.rules)
  2809086 - ETPRO WEB_SPECIFIC_APPS CreativeContact Plugin Arbitrary File
Upload (web_specific_apps.rules)
  2809167 - ETPRO TROJAN Gozi Downloader Checkin (trojan.rules)
  2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin
(mobile_malware.rules)
  2809269 - ETPRO TROJAN Rovnix CnC Beacon (trojan.rules)
  2827296 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.GI CnC Beacon
(mobile_malware.rules)
  2827378 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin
(mobile_malware.rules)
  2827379 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin 2
(mobile_malware.rules)
  2840472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish
2020-01-16 (current_events.rules)

Date:
Summary title:
15 new Open, 45 new Pro (15 + 30). Various Possible COVID-19 Based Phish/Scam, Telerik UI CVE-2019-18935, Android/Lightspy, Nanocore, Various User-Agents, VARIOUS PHISHING.