[***]            Summary:            [***]

3 new OPEN, 22 new PRO (3 + 19). Win32/Randrew.A!bit CnC, DownLoadAdmin, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-07T22:58:54.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030663 - ET MALWARE DownLoadAdmin Activity (malware.rules)
  2030664 - ET TROJAN AutoHotKey offthewall Downloader Requesting Payload (trojan.rules)
  2030665 - ET TROJAN Suspected Lockscreen Ransomware Activity (trojan.rules)

Pro:

  2843895 - ETPRO TROJAN Win32/Randrew.A!bit CnC Checkin (trojan.rules)
  2843896 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (UserAgents.txt) M2 (info.rules)
  2843897 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Browsers.log) M2 (info.rules)
  2843898 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Domains.log) M2 (info.rules)
  2843899 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (information.log) M2 (info.rules)
  2843900 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.log) M2 (trojan.rules)
  2843901 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Cookies) M2 (info.rules)
  2843902 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Autocomplete) M2 (info.rules)
  2843903 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_Credit_Cards) M2 (trojan.rules)
  2843904 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (Chrome_Default_History) M2 (info.rules)
  2843905 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-07 1) (trojan.rules)
  2843906 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-08-07 (current_events.rules)
  2843907 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-08-07 (current_events.rules)
  2843908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish to XYZ TLD 2020-08-07 (current_events.rules)
  2843909 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-08-07 (current_events.rules)
  2843910 - ETPRO CURRENT_EVENTS Possible Successful Generic Need Phish 2020-08-07 (current_events.rules)
  2843911 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-08-07 (current_events.rules)
  2843912 - ETPRO CURRENT_EVENTS Successful Generic Phish (set) 2020-08-07 (current_events.rules)
  2843913 - ETPRO MALWARE MSIL/CoinMiner Checkin (malware.rules)

[///]     Modified active rules:     [///]

  2024019 - ET CURRENT_EVENTS Paypal Phishing Landing Feb 24 2017 (current_events.rules)
  2025338 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-09 M2 (current_events.rules)
  2025660 - ET CURRENT_EVENTS Paypal Phishing Landing Jun 28 2017 (current_events.rules)
  2025666 - ET CURRENT_EVENTS Bank of America Phishing Landing Aug 19 2015 (current_events.rules)
  2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
  2028605 - ET TROJAN Magecart CnC Domain Observed in DNS Query (trojan.rules)
 
