[***] Summary: [***]
66 new OPEN, 82 new PRO (66 + 16). Phorpiex, AnubisStealer, MythBot and Various Phish
Thanks: @3xp0rtblog.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-25T22:32:12.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030729 - ET TROJAN Observed Malicious SSL Cert (AnubisStealer CnC) (trojan.rules)
2030730 - ET TROJAN Observed Malicious SSL Cert (AnubisStealer CnC) (trojan.rules)
2030731 - ET CURRENT_EVENTS Possible Webmail Phishing Landing Utilizing Clearbit (current_events.rules)
2030732 - ET INFO Suspicious Request to Image with User-Agent Ending in .exe (info.rules)
2030733 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030734 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030735 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030736 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030737 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030738 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030739 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030740 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030741 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030742 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030743 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030744 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030745 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030746 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030747 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030748 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030749 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030750 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030751 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030752 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030753 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030754 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030755 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030756 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030757 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030758 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030759 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030760 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030761 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030762 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030763 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030764 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030765 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030766 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030767 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030768 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030769 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030770 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030771 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030772 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030773 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030774 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030775 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030776 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030777 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030778 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030779 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030780 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030781 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030782 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030783 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030784 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030785 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030786 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030787 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030788 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030789 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030790 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030791 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030792 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030793 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
2030794 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
Pro:
2844140 - ETPRO TROJAN Win32/ASteal/Loki Variant CnC Activity (trojan.rules)
2844141 - ETPRO TROJAN Win32/AnubisStealer Variant CnC Activity (trojan.rules)
2844142 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-25 1) (trojan.rules)
2844143 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-25 2) (trojan.rules)
2844144 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-25 3) (trojan.rules)
2844145 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-25 4) (trojan.rules)
2844146 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-25 (current_events.rules)
2844147 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-25 (current_events.rules)
2844148 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2020-08-25 (current_events.rules)
2844149 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-08-25 (current_events.rules)
2844150 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-08-25 (current_events.rules)
2844151 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-08-25 (current_events.rules)
2844152 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-08-25 (current_events.rules)
2844153 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-08-25 (current_events.rules)
2844154 - ETPRO TROJAN Observed DCRat CnC Domain in TLS SNI (trojan.rules)
2844155 - ETPRO TROJAN Observed MythBot CnC Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2842317 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M9 (trojan.rules)
2842883 - ETPRO TROJAN Win32/Sality.NBA Variant Downloader Activity (trojan.rules)
2030664 - ET TROJAN AutoHotKey offthewall Downloader Requesting Payload (trojan.rules)