[***] Summary: [***]
2 new OPEN, 30 new PRO (2 + 28). Molerats, Win32/Kerber0sB0t, Omega, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords.
A complete list of rules that were changed can be found via the changelog here: https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-04T22:22:34.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
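The Suricata 5 syntax change referred to above is the move from legacy content modifiers (content:"..."; http_uri;) to sticky buffers (http.uri; content:"...";). The script below is an added example for this changelog, not ET's own conversion tooling: it rewrites a constructed legacy-style rule (sid 9000001 is a placeholder, not an ET rule) into the Suricata 5 form using the keyword mapping from the Suricata 5.0 upgrade notes. One caveat it handles: a sticky buffer stays in effect for every following content until another buffer is selected, so a later content that is meant to match the packet payload gets a pkt_data reset inserted in front of it. Suricata 5 still accepts the legacy modifiers; pcre buffer flags (e.g. /U) are out of scope here.

```python
"""Convert legacy Suricata content modifiers to Suricata 5 sticky buffers.
Added example; not ET tooling. Sample rule below is constructed."""

# Legacy content modifier -> sticky buffer, per the Suricata 5.0 upgrade notes.
LEGACY_TO_STICKY = {
    "http_uri": "http.uri",
    "http_raw_uri": "http.uri.raw",
    "http_header": "http.header",
    "http_raw_header": "http.header.raw",
    "http_cookie": "http.cookie",
    "http_user_agent": "http.user_agent",
    "http_host": "http.host",
    "http_raw_host": "http.host.raw",
    "http_method": "http.method",
    "http_stat_code": "http.stat_code",
    "http_stat_msg": "http.stat_msg",
    "http_client_body": "http.request_body",
    "http_server_body": "http.response_body",
    "dns_query": "dns.query",
    "tls_sni": "tls.sni",
    "tls_cert_subject": "tls.cert_subject",
    "tls_cert_issuer": "tls.cert_issuer",
}


def split_options(body: str) -> list:
    """Split the text inside the rule parentheses on ';', honouring double
    quotes and backslash escapes so content:"a\\;b" stays in one piece."""
    items, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            buf.append(ch)
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            items.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        items.append(tail)
    return items


def keyword(option: str) -> str:
    """'content:"x"' -> 'content'; 'http_uri' -> 'http_uri'."""
    return option.split(":", 1)[0].strip()


def _emit(group, active, out):
    """Append one option group (a content plus the modifiers following it, or
    the leading non-content options) to out; return the buffer now in effect."""
    if not group:
        return active
    if keyword(group[0]) != "content":
        out.extend(group)
        return active
    legacy = [o for o in group if keyword(o) in LEGACY_TO_STICKY]
    if legacy:
        target = LEGACY_TO_STICKY[keyword(legacy[0])]
        if target != active:          # sticky buffers persist; switch only when needed
            out.append(target)
        out.extend(o for o in group if o not in legacy)
        return target
    if active is not None:            # plain content after a sticky buffer would
        out.append("pkt_data")        # inherit it; reset to the packet payload
    out.extend(group)
    return None


def convert_rule(rule: str) -> str:
    """Rewrite a single-line legacy rule into Suricata 5 sticky-buffer form."""
    header, _, rest = rule.partition("(")
    body = rest.rsplit(")", 1)[0]
    out, group, active = [], [], None
    for option in split_options(body):
        if keyword(option) == "content":
            active = _emit(group, active, out)
            group = [option]
        else:
            group.append(option)
    active = _emit(group, active, out)
    return f"{header.strip()} ({'; '.join(out)};)"


# Constructed legacy-style rule for demonstration only (sid 9000001 is a placeholder).
LEGACY_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any ('
    'msg:"EXAMPLE Constructed checkin (not an ET rule)"; flow:established,to_server; '
    'content:"POST"; http_method; content:"/gate.php"; http_uri; nocase; '
    'content:"Host|3a 20|"; http_header; content:"id="; http_client_body; depth:3; '
    'content:"|00 01|"; classtype:trojan-activity; sid:9000001; rev:1;)'
)

if __name__ == "__main__":
    print(convert_rule(LEGACY_RULE))
```

Running the script prints the converted rule; the last content:"|00 01|" comes out prefixed with pkt_data because it had no modifier and would otherwise be matched against http.request_body. Running the converter a second time over its own output changes nothing, which is a cheap sanity check when batch-converting a local rule file.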
[+++] Added rules: [+++]
Open:
2030644 - ET WEB_SPECIFIC_APPS LifterLMS Arbitrary File Write Attempt Inbound (CVE-2020-6008) (web_specific_apps.rules)
2030646 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2020-08-04 (current_events.rules)
Pro:
2843794 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus / Anubis Checkin (mobile_malware.rules)
2843795 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats Checkin (mobile_malware.rules)
2843796 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats CnC Beacon (mobile_malware.rules)
2843797 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats CnC Beacon 2 (mobile_malware.rules)
2843798 - ETPRO TROJAN Win32/Fareit.L!MTB CnC Activity (trojan.rules)
2843799 - ETPRO TROJAN Observed Kerber0sB0t User-Agent (trojan.rules)
2843800 - ETPRO TROJAN Win32/Kerber0sB0t CnC Activity (trojan.rules)
2843801 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2843802 - ETPRO INFO Possible Process List Dump in HTTP URI (info.rules)
2843803 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 1) (trojan.rules)
2843804 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 2) (trojan.rules)
2843805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 3) (trojan.rules)
2843806 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 4) (trojan.rules)
2843807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 5) (trojan.rules)
2843808 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 6) (trojan.rules)
2843809 - ETPRO CURRENT_EVENTS Successful Outlook Voicemail Phish 2020-08-04 (current_events.rules)
2843810 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2020-08-04 (current_events.rules)
2843811 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-08-04 (current_events.rules)
2843812 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2020-08-04 (current_events.rules)
2843813 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-08-04 (current_events.rules)
2843814 - ETPRO TROJAN Omega CnC Download Request (trojan.rules)
2843815 - ETPRO TROJAN Omega CnC Request (trojan.rules)
2843816 - ETPRO INFO Generic Inbound URI Directory Traversal (info.rules)
2843817 - ETPRO TROJAN Win32/Autoit.DZ CnC Activity (trojan.rules)
2843818 - ETPRO POLICY External IP Lookup Domain Observed in SNI (v2. api .iphub .info) (policy.rules)
2843819 - ETPRO TROJAN Observed Python Stealer Domain in TLS SNI (trojan.rules)
2843820 - ETPRO CURRENT_EVENTS Successful myGov (AUS) Phish 2020-08-04 (current_events.rules)
2843821 - ETPRO CURRENT_EVENTS Successful Vietcombank Phish 2020-08-04 (current_events.rules)
[///] Modified active rules: [///]
2023653 - ET TROJAN TeleBots BCS-server User-Agent (trojan.rules)
2023654 - ET TROJAN TeleBots VBS Backdoor CnC Beacon 1 (trojan.rules)
2023811 - ET TROJAN Downeks Variant CnC Beacon (trojan.rules)
2023814 - ET TROJAN CryptoShield Ransomware Checkin (trojan.rules)
2023815 - ET TROJAN Shafttt MySQL Bruteforce Bot CnC Beacon (trojan.rules)
2023818 - ET INFO Windows Update/Microsoft FP Flowbit (info.rules)