[***] Summary: [***]

4 Open, 27 Pro (4 + 23). Sidewinder APT, Android Hiddad, Burp Collector,
Various Phish.

Suricata 2/3 Support from Emerging Threats will become End-Of-Life on
April 15th, 2020.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2029825 - ET TROJAN Observed Sidewinder APT User-Agent (trojan.rules)
2029826 - ET POLICY Observed DNS Query to .burpcollector .net Domain
(policy.rules)
2029827 - ET CURRENT_EVENTS Possible Successful CDC Coronavirus Related
Phish 2020-04-07 (current_events.rules)
2029828 - ET CURRENT_EVENTS CDC Coronavirus Related Phishing Landing
2020-04-07 (current_events.rules)

Pro:

2841908 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 1
(mobile_malware.rules)
2841909 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 2
(mobile_malware.rules)
2841910 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 3
(mobile_malware.rules)
2841911 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 4
(mobile_malware.rules)
2841912 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 5
(mobile_malware.rules)
2841913 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 6
(mobile_malware.rules)
2841914 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO DNS Lookup 7
(mobile_malware.rules)
2841915 - ETPRO MOBILE_MALWARE Android/Hiddad.AIO Checkin
(mobile_malware.rules)
2841916 - ETPRO MALWARE Burp Collector Reporting Group Information
(malware.rules)
2841917 - ETPRO POLICY Observed Burp Collaborator Server Header
(policy.rules)
2841918 - ETPRO INFO Observed Suspicious Reversed String Inbound
($env:APPDATA) (info.rules)
2841919 - ETPRO INFO Observed Suspicious Reversed String Inbound
(start-process) (info.rules)
2841920 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (IEX)
(trojan.rules)
2841921 - ETPRO INFO Observed Suspicious Reversed String Inbound
(New-Object -Com) (info.rules)
2841922 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-04-06 1) (trojan.rules)
2841923 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-04-07
(current_events.rules)
2841924 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-04-07
(current_events.rules)
2841925 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-04-07
(current_events.rules)
2841926 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-04-07
(current_events.rules)
2841927 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-04-07
(current_events.rules)
2841928 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-04-07 (current_events.rules)
2841932 - ETPRO TROJAN Win32/Miancha.iua CnC Activity (trojan.rules)
2841933 - ETPRO MALWARE AD.QjwMonkey CnC Activity (malware.rules)

[---] Disabled rules: [---]

2815364 - ETPRO TROJAN Win32/Qbot/Quakbot Checkin via HTTP GET
(trojan.rules)
