[***] Summary: [***]
3 new Open, 19 new Pro (3 + 16). PROJECTSPY, Win32/Kryptik.GGXP.UNKRAT, Remcos, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-04-22T22:54:35.txt
Please be aware that after the deprecation of our Suricata 2/3 support (April 15th 2020), the path for downloading the last pushed production Suricata 2/3 rulesets has changed. Deprecated rulesets are available at https://rules.emergingthreatspro.com/OINK/old for ETPro and https://rules.emergingthreatspro.com/open/old/ for ETOpen. All requests for the Suricata 2/3 rulesets at their previous locations will now lead to the Suricata 4.0 production rules for ETPro and the rule download instructions for ETOpen.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029993 - ET MOBILE_MALWARE Suspected PROJECTSPY Cookie (mobile_malware.rules)
2029994 - ET INFO Suspicious NULL DNS Request (info.rules)
2029995 - ET TROJAN Suspicious Long NULL DNS Request - Possible DNS Tunneling (trojan.rules)
Pro:
2842132 - ETPRO TROJAN Win32/Kryptik.GGXP.UNKRAT CnC Keep-Alive (Inbound) (trojan.rules)
2842133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-04-22 1) (trojan.rules)
2842134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-04-22 2) (trojan.rules)
2842135 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish 2020-04-22 (current_events.rules)
2842136 - ETPRO CURRENT_EVENTS Successful Adobe Connect Phish 2020-04-22 (current_events.rules)
2842137 - ETPRO CURRENT_EVENTS Successful AU ID Phish 2020-04-22 (current_events.rules)
2842138 - ETPRO CURRENT_EVENTS Successful Skandia Sparbanken Phish 2020-04-22 (current_events.rules)
2842139 - ETPRO CURRENT_EVENTS Successful GOV UK Universal Credit Phish 2020-04-22 (current_events.rules)
2842140 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-04-22 (current_events.rules)
2842141 - ETPRO CURRENT_EVENTS Successful Microsoft Voicemail Phish 2020-04-22 (current_events.rules)
2842142 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-04-22 (current_events.rules)
2842143 - ETPRO TROJAN Win32/Remcos RAT Checkin 404 (trojan.rules)
2842144 - ETPRO TROJAN Win32/Remcos RAT Checkin 405 (trojan.rules)
2842145 - ETPRO TROJAN Win32/Remcos RAT Checkin 406 (trojan.rules)
2842146 - ETPRO TROJAN PowerShell Backdoor Checkin M1 (trojan.rules)
2842147 - ETPRO TROJAN PowerShell Backdoor Checkin M2 (trojan.rules)
[///] Modified active rules: [///]
2029576 - ET TROJAN Kimsuky Related Host Data Exfil (trojan.rules)