[***]            Summary:            [***]

25 new OPEN, 47 new PRO (25 + 22). Get2, Fifteencandle, Grandoreiro Downloader and Various Phish

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-26T22:00:04.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030795 - ET TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2030796 - ET TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
  2030797 - ET TROJAN W32/Downloader_x.EJK!tr CnC Activity (trojan.rules)
  2030798 - ET MALWARE Win32/InstallCore.GF CnC Activity (malware.rules)
  2030799 - ET POLICY Observed Packity Proxy Domain in TLS SNI (policy.rules)
  2030800 - ET POLICY Packity Proxy Connection (policy.rules)
  2030801 - ET TROJAN Grandoreiro Downloader Activity (trojan.rules)

Pro:

  2844156 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-26 1) (trojan.rules)
  2844157 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-26 2) (trojan.rules)
  2844158 - ETPRO TROJAN Fifteencandle DynDNS Domain Observed (trojan.rules)
  2844159 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-08-26 (current_events.rules)
  2844160 - ETPRO CURRENT_EVENTS Successful Bell Email Phish 2020-08-26 (current_events.rules)
  2844161 - ETPRO CURRENT_EVENTS Successful KBC Phish 2020-08-26 (current_events.rules)
  2844162 - ETPRO TROJAN Win32/Remcos RAT Checkin 525 (trojan.rules)
  2844163 - ETPRO TROJAN Win32/Remcos RAT Checkin 526 (trojan.rules)
  2844164 - ETPRO TROJAN Win32/Remcos RAT Checkin 527 (trojan.rules)
  2844165 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844166 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
