[***] Summary: [***]
3 new OPEN, 22 new PRO (3 + 19). Win32/Randrew.A!bit CnC, DownLoadAdmin, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-07T22:58:54.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030663 - ET MALWARE DownLoadAdmin Activity (malware.rules)
2030664 - ET TROJAN AutoHotKey offthewall Downloader Requesting Payload (trojan.rules)
2030665 - ET TROJAN Suspected Lockscreen Ransomware Activity (trojan.rules)
Pro:
2843895 - ETPRO TROJAN Win32/Randrew.A!bit CnC Checkin (trojan.rules)
2843896 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (UserAgents.txt) M2 (info.rules)
2843897 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Browsers.log) M2 (info.rules)
2843898 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Domains.log) M2 (info.rules)
2843899 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (information.log) M2 (info.rules)
2843900 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.log) M2 (trojan.rules)
2843901 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Cookies) M2 (info.rules)
2843902 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Autocomplete) M2 (info.rules)
2843903 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Credit_Cards) M2 (trojan.rules)
2843904 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_History) M2 (info.rules)
2843905 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-07 1) (trojan.rules)
2843906 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-08-07 (current_events.rules)
2843907 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-08-07 (current_events.rules)
2843908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish to XYZ TLD 2020-08-07 (current_events.rules)
2843909 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-08-07 (current_events.rules)
2843910 - ETPRO CURRENT_EVENTS Possible Successful Generic Need Phish 2020-08-07 (current_events.rules)
2843911 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-08-07 (current_events.rules)
2843912 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2020-08-07 (current_events.rules)
2843913 - ETPRO MALWARE MSIL/CoinMiner Checkin (malware.rules)
[///] Modified active rules: [///]
2024019 - ET CURRENT_EVENTS Paypal Phishing Landing Feb 24 2017 (current_events.rules)
2025338 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-09 M2 (current_events.rules)
2025660 - ET CURRENT_EVENTS Paypal Phishing Landing Jun 28 2017 (current_events.rules)
2025666 - ET CURRENT_EVENTS Bank of America Phishing Landing Aug 19 2015 (current_events.rules)
2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
2028605 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)