[***] Summary: [***]
25 Open, 38 Pro (25 + 13). DACLS RAT, Lemon Duck, Various Webshells, Various Phish.
Suricata 2/3 Support from Emerging Threats will become End-Of-Life on April 15th, 2020.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029856 - ET TROJAN Possible DACLS RAT CnC (Log Check) (trojan.rules)
2029857 - ET WEB_CLIENT Tech Support Scam 2020-04-10 (web_client.rules)
2029858 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10 (current_events.rules)
2029859 - ET WEB_CLIENT WSO 2.6 Webshell Accessed on External Compromised Server (web_client.rules)
2029860 - ET WEB_SERVER WSO 2.6 Webshell Accessed on Internal Compromised Server (web_server.rules)
2029861 - ET WEB_CLIENT WSO 2.5 Webshell Accessed on External Compromised Server (web_client.rules)
2029862 - ET WEB_SERVER WSO 2.5 Webshell Accessed on Internal Compromised Server (web_server.rules)
2029863 - ET WEB_CLIENT X-Sec Webshell Accessed on External Compromised Server (web_client.rules)
2029864 - ET WEB_SERVER X-Sec Webshell Accessed on Internal Compromised Server (web_server.rules)
2029865 - ET WEB_CLIENT ALFA TEaM Webshell Accessed on External Compromised Server (web_client.rules)
2029866 - ET WEB_SERVER ALFA TEaM Webshell Accessed on Internal Compromised Server (web_server.rules)
2029867 - ET WEB_CLIENT WSO 4.2.5 Webshell Accessed on External Compromised Server (web_client.rules)
2029868 - ET WEB_SERVER WSO 4.2.5 Webshell Accessed on Internal Compromised Server (web_server.rules)
2029869 - ET WEB_CLIENT WSO 4.2.6 Webshell Accessed on External Compromised Server (web_client.rules)
2029870 - ET WEB_SERVER WSO 4.2.6 Webshell Accessed on Internal Compromised Server (web_server.rules)
2029871 - ET WEB_CLIENT Kageyama Webshell Accessed on External Compromised Server (web_client.rules)
2029872 - ET WEB_SERVER Kageyama Webshell Accessed on Internal Compromised Server (web_server.rules)
2029873 - ET WEB_CLIENT Generic WSO Webshell Accessed on External Compromised Server (web_client.rules)
2029874 - ET WEB_SERVER Generic WSO Webshell Accessed on Internal Compromised Server (web_server.rules)
2029875 - ET WEB_CLIENT MINI MO Webshell Accessed on External Compromised Server (web_client.rules)
2029876 - ET WEB_SERVER MINI MO Webshell Accessed on Internal Compromised Server (web_server.rules)
2029877 - ET CURRENT_EVENTS OneDrive Phishing Landing 2020-04-10 (current_events.rules)
2029878 - ET CURRENT_EVENTS Instagram Phishing Landing 2020-04-10 (current_events.rules)
2029879 - ET TROJAN Possible DACLS RAT CnC (Log Server Reporting) (trojan.rules)
2029880 - ET TROJAN Possible DACLS RAT Log Collector Download (trojan.rules)
Pro:
2841976 - ETPRO TROJAN Lemon_Duck Powershell CnC Checkin M3 (trojan.rules)
2841977 - ETPRO TROJAN Lemon_Duck Powershell Requesting Payload M1 (trojan.rules)
2841978 - ETPRO TROJAN Lemon_Duck Powershell Requesting Payload M2 (trojan.rules)
2841979 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-04-10 (current_events.rules)
2841980 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-04-10 1) (trojan.rules)
2841981 - ETPRO CURRENT_EVENTS Successful UniCredit Phish 2020-04-10 (current_events.rules)
2841982 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-04-10 (current_events.rules)
2841983 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2020-04-10 (current_events.rules)
2841984 - ETPRO CURRENT_EVENTS Successful Turbotax Phish 2020-04-10 (current_events.rules)
2841985 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-04-10 (current_events.rules)
2841986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2020-04-10 (current_events.rules)
2841987 - ETPRO CURRENT_EVENTS Successful ABN AMRO Phish 2020-04-10 (current_events.rules)
2841988 - ETPRO CURRENT_EVENTS Successful Camden National Bank Phish 2020-04-10 (current_events.rules)
[///] Modified active rules: [///]
2027762 - ET USER_AGENTS AnyDesk Remote Desktop Software User-Agent (user_agents.rules)