[***]            Summary:            [***]

2 new OPEN, 30 new PRO (2 + 28). Molerats, Win32/Kerber0sB0t, Omega, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords.
A complete list of rules that were changed can be found via the changelog here: https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-04T22:22:34.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030644 - ET WEB_SPECIFIC_APPS LifterLMS Arbitrary File Write Attempt Inbound (CVE-2020-6008) (web_specific_apps.rules)
  2030646 - ET CURRENT_EVENTS Possible Sucessful Generic Phish (set) 2020-08-04 (current_events.rules)

Pro:

  2843794 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus / Anubis Checkin (mobile_malware.rules)
  2843795 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats Checkin (mobile_malware.rules)
  2843796 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats CnC Beacon (mobile_malware.rules)
  2843797 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Molerats CnC Beacon 2 (mobile_malware.rules)
  2843798 - ETPRO TROJAN Win32/Fareit.L!MTB CnC Activity (trojan.rules)
  2843799 - ETPRO TROJAN Observed Kerber0sB0t User-Agent (trojan.rules)
  2843800 - ETPRO TROJAN Win32/Kerber0sB0t CnC Activity (trojan.rules)
  2843801 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
  2843802 - ETPRO INFO Possible Process List Dump in HTTP URI (info.rules)
  2843803 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 1) (trojan.rules)
  2843804 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 2) (trojan.rules)
  2843805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 3) (trojan.rules)
  2843806 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 4) (trojan.rules)
  2843807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 5) (trojan.rules)
  2843808 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-04 6) (trojan.rules)
  2843809 - ETPRO CURRENT_EVENTS Successful Outlook Voicemail Phish 2020-08-04 (current_events.rules)
  2843810 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2020-08-04 (current_events.rules)
  2843811 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-08-04 (current_events.rules)
  2843812 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2020-08-04 (current_events.rules)
  2843813 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-08-04 (current_events.rules)
  2843814 - ETPRO TROJAN Omega CnC Download Request (trojan.rules)
  2843815 - ETPRO TROJAN Omega CnC Request (trojan.rules)
  2843816 - ETPRO INFO Generic Inbound URI Directory Traversal (info.rules)
  2843817 - ETPRO TROJAN Win32/Autoit.DZ CnC Activity (trojan.rules)
  2843818 - ETPRO POLICY External IP Lookup Domain Observed in SNI (v2. api .iphub .info) (policy.rules)
  2843819 - ETPRO TROJAN Observed Python Stealer Domain in TLS SNI (trojan.rules)
  2843820 - ETPRO CURRENT_EVENTS Successful myGov (AUS) Phish 2020-08-04 (current_events.rules)
  2843821 - ETPRO CURRENT_EVENTS Successful Vietcombank Phish 2020-08-04 (current_events.rules)

[///]     Modified active rules:     [///]

  2023653 - ET TROJAN TeleBots BCS-server User-Agent (trojan.rules)
  2023654 - ET TROJAN TeleBots VBS Backdoor CnC Beacon 1 (trojan.rules)
  2023811 - ET TROJAN Downeks Variant CnC Beacon (trojan.rules)
  2023814 - ET TROJAN CryptoShield Ransomware Checkin (trojan.rules)
  2023815 - ET TROJAN Shafttt MySQL Bruteforce Bot CnC Beacon (trojan.rules)
  2023818 - ET INFO Windows Update/Microsoft FP Flowbit (info.rules)
