[***] Summary: [***]
15 new Open, 45 new Pro (15 + 30). Various Possible COVID-19 Based Phish/Scam, Telerik UI CVE-2019-18935, Android/Lightspy, Nanocore, Various User-Agents, VARIOUS PHISHING.
Suricata 2/3 Support from Emerging Threats will become End-Of-Life on April 15th, 2020.
Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html
[+++] Added rules: [+++]
Open:
2029751 - ET TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2029752 - ET USER_AGENTS Observed Suspicious UA (Http-connect) (user_agents.rules)
2029753 - ET HUNTING Suspicious GET Request with Possible COVID-19 URI M1 (hunting.rules)
2029754 - ET INFO Suspicious GET Request with Possible COVID-19 URI M2 (info.rules)
2029755 - ET INFO Suspicious POST Request with Possible COVID-19 URI M1 (info.rules)
2029756 - ET INFO Suspicious POST Request with Possible COVID-19 URI M2 (info.rules)
2029757 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M1 (current_events.rules)
2029758 - ET CURRENT_EVENTS Possible Successful COVID-19 Related Phish M2 (current_events.rules)
2029759 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2029760 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2029761 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M1 (exploit.rules)
2029762 - ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M2 (exploit.rules)
2029763 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2029764 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2029765 - ET MOBILE_MALWARE Android Lightspy Implant CnC (mobile_malware.rules)
Pro:
2841748 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus Checkin (mobile_malware.rules)
2841749 - ETPRO MOBILE_MALWARE Android/Triada.JH Checkin (mobile_malware.rules)
2841750 - ETPRO TROJAN Observed Malicious User-Agent (POWERDOOD) (trojan.rules)
2841751 - ETPRO TROJAN Win32/NixBot Checkin via IRC (trojan.rules)
2841752 - ETPRO TROJAN Possible MalDoc/Loader Retrieving dll (trojan.rules)
2841753 - ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) (trojan.rules)
2841754 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2841755 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-27 1) (trojan.rules)
2841756 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-27 2) (trojan.rules)
2841757 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-29 (current_events.rules)
2841758 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-03-29 (current_events.rules)
2841759 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-29 (current_events.rules)
2841760 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-29 (current_events.rules)
2841761 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-29 (current_events.rules)
2841762 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2020-03-29 (current_events.rules)
2841763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 1) (trojan.rules)
2841764 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 2) (trojan.rules)
2841765 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-30 3) (trojan.rules)
2841766 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-03-30 (current_events.rules)
2841767 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish 2020-03-30 (current_events.rules)
2841768 - ETPRO CURRENT_EVENTS Successful Generic Webmail Settings Phish 2020-03-30 (current_events.rules)
2841769 - ETPRO CURRENT_EVENTS Successful Generic TR Bank Phish 2020-03-30 (current_events.rules)
2841770 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-30 (current_events.rules)
2841771 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-30 (current_events.rules)
2841772 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-30 (current_events.rules)
2841773 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2020-03-30 (current_events.rules)
2841774 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M1 (trojan.rules)
2841775 - ETPRO TROJAN W32/Injector.jwcqy CnC Activity M2 (trojan.rules)
2841776 - ETPRO CURRENT_EVENTS Successful Canada Tax Return Phish 2020-03-30 (current_events.rules)
2841777 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-30 (current_events.rules)
[///] Modified active rules: [///]
2804834 - ETPRO MALWARE Installmate Installer Checkin (malware.rules)
2805068 - ETPRO TROJAN Backdoor.Win32.Poison Checkin (trojan.rules)
2806286 - ETPRO MALWARE Spyware/Win32.KeyMatch Checkin (malware.rules)
2806685 - ETPRO TROJAN Netdevil.1_5 reporting via ICQ WWW script (trojan.rules)
2806873 - ETPRO TROJAN Rogue.Win32/FakeRean Checkin 3 (trojan.rules)
2808251 - ETPRO TROJAN Win32/Spy.Banker.AAYY CnC (OUTBOUND) (trojan.rules)
2809086 - ETPRO WEB_SPECIFIC_APPS CreativeContact Plugin Arbitrary File Upload (web_specific_apps.rules)
2809167 - ETPRO TROJAN Gozi Downloader Checkin (trojan.rules)
2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)
2809269 - ETPRO TROJAN Rovnix CnC Beacon (trojan.rules)
2827296 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.GI CnC Beacon (mobile_malware.rules)
2827378 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin (mobile_malware.rules)
2827379 - ETPRO MOBILE_MALWARE Android/Triada.DX Checkin 2 (mobile_malware.rules)
2840472 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2020-01-16 (current_events.rules)