Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/08/25

[***]            Summary:            [***]

66 new OPEN, 82 new PRO (66 + 16). Phorpiex, AnubisStealer, MythBot and Various Phish

Thanks: @3xp0rtblog.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-25T22:32:12.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030729 - ET TROJAN Observed Malicious SSL Cert (AnubisStealer CnC)
(trojan.rules)
  2030730 - ET TROJAN Observed Malicious SSL Cert (AnubisStealer CnC)
(trojan.rules)
  2030731 - ET CURRENT_EVENTS Possible Webmail Phishing Landing Utilizing
Clearbit (current_events.rules)
  2030732 - ET INFO Suspicious Request to Image with User-Agent Ending in
.exe (info.rules)
  2030733 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030734 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030735 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030736 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030737 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030738 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030739 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030740 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030741 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030742 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030743 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030744 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030745 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030746 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030747 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030748 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030749 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030750 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030751 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030752 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030753 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030754 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030755 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030756 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030757 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030758 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030759 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030760 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030761 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030762 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030763 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030764 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030765 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030766 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030767 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030768 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030769 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030770 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030771 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030772 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030773 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030774 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030775 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030776 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030777 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030778 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030779 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030780 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030781 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030782 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030783 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030784 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030785 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030786 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030787 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030788 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030789 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030790 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030791 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030792 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030793 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)
  2030794 - ET TROJAN Phorpiex CnC Domain in DNS Query (trojan.rules)

Pro:

  2844140 - ETPRO TROJAN Win32/ASteal/Loki Variant CnC Activity
(trojan.rules)
  2844141 - ETPRO TROJAN Win32/AnubisStealer Variant CnC Activity
(trojan.rules)
  2844142 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-25 1) (trojan.rules)
  2844143 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-25 2) (trojan.rules)
  2844144 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-25 3) (trojan.rules)
  2844145 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-25 4) (trojan.rules)
  2844146 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-25 (current_events.rules)
  2844147 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-25 (current_events.rules)
  2844148 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2020-08-25
(current_events.rules)
  2844149 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-08-25
(current_events.rules)
  2844150 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-08-25
(current_events.rules)
  2844151 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-08-25 (current_events.rules)
  2844152 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-08-25 (current_events.rules)
  2844153 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-08-25 (current_events.rules)
  2844154 - ETPRO TROJAN Observed DCRat CnC Domain in TLS SNI (trojan.rules)
  2844155 - ETPRO TROJAN Observed MythBot CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2842317 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M9 (trojan.rules)
  2842883 - ETPRO TROJAN Win32/Sality.NBA Variant Downloader Activity
(trojan.rules)
  2030664 - ET TROJAN AutoHotKey offthewall Downloader Requesting Payload
(trojan.rules)

Date:
Summary title:
66 new OPEN, 82 new PRO (66 + 16). Phorpiex, AnubisStealer, MythBot and Various Phish