[***] Summary: [***]

6 new Open, 29 new Pro (6 + 23). Various COVID-19 Phish/Scam,
Linux/Agent.HX CnC, Win32/Vendetta Backdoor, Win32/Remcos, Various
Phishing.

Thanks: @michalmalik

Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-Octob…

[+++] Added rules: [+++]

Open:

2029782 - ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19
Assistance Eligibility Phish 2020-04-01 (current_events.rules)
2029783 - ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19
Assistance Eligibility (FR) Phish 2020-04-01 (current_events.rules)
2029784 - ET GAMES Growtopia Hack - WrongGrow CnC Activity (games.rules)
2029785 - ET TROJAN Linux/Agent.HX CnC Activity (set) (trojan.rules)
2029786 - ET TROJAN Linux/Agent.HX CnC Activity M1 (trojan.rules)
2029787 - ET TROJAN Linux/Agent.HX CnC Activity M2 (trojan.rules)

Pro:

2841804 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Command (Hidden
Updates) (trojan.rules)
2841805 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Response (userlist)
(trojan.rules)
2841807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-01 1) (trojan.rules)
2841808 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-01 2) (trojan.rules)
2841809 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-04-01
(current_events.rules)
2841810 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-04-01 (current_events.rules)
2841811 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2020-04-01 (current_events.rules)
2841812 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-04-01
(current_events.rules)
2841813 - ETPRO CURRENT_EVENTS Successful IRS Tax Refund Phish 2020-04-01
(current_events.rules)
2841814 - ETPRO TROJAN W32/TrojanDownloader.Agent.FBF Variant CnC Host
Checkin (trojan.rules)
2841815 - ETPRO TROJAN W32/TrojanDownloader.Agent.FBF Variant CnC
Activity (trojan.rules)
2841816 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-04-01 (current_events.rules)
2841817 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-04-01
(current_events.rules)
2841818 - ETPRO TROJAN Possible W32/Unk Iplogger Host Checkin
(trojan.rules)
2841819 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2020-04-01
(current_events.rules)
2841820 - ETPRO CURRENT_EVENTS Successful Telestra Phish 2020-04-01
(current_events.rules)
2841821 - ETPRO TROJAN Win32/PSW.Agent.OIN CnC Activity (trojan.rules)
2841823 - ETPRO TROJAN Win32/Remcos RAT Checkin 380 (trojan.rules)
2841824 - ETPRO TROJAN Win32/Remcos RAT Checkin 381 (trojan.rules)
2841825 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2841826 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

[///] Modified active rules: [///]

2827391 - ETPRO TROJAN MSIL/FriendlyBot CnC Checkin (trojan.rules)
2827456 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.E Checkin
(mobile_malware.rules)
2827509 - ETPRO TROJAN Win32/Downloader.Banload.YAZ CnC Activity
(trojan.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin
(trojan.rules)
2827607 - ETPRO TROJAN MSIL/HookUp Bot CnC Checkin (trojan.rules)
2827629 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 13
(mobile_malware.rules)
2827630 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 14
(mobile_malware.rules)
2827633 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GV CnC Beacon
(mobile_malware.rules)
2827695 - ETPRO TROJAN Win32/Banload.Downloader POST request CnC Checkin
(trojan.rules)
2827700 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN
CnC Beacon 3 (mobile_malware.rules)
2827718 - ETPRO TROJAN W32.PooLen Coinminer Requesting Commands
(trojan.rules)
2827762 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am
CnC Beacon (mobile_malware.rules)
2827809 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IT
CnC Beacon (mobile_malware.rules)
2827913 - ETPRO TROJAN Win32/Virut.NBP Checkin (trojan.rules)
2841781 - ETPRO TROJAN Win32/Vendetta Backdoor CnC Command (userlist)
(trojan.rules)

[---] Disabled rules: [---]

2827760 - ETPRO WEB_CLIENT FakeAV/TechSupport Scam Aug 30 2017
(web_client.rules)
2827775 - ETPRO TROJAN MSIL/CA MacroBot CnC Activity (trojan.rules)
