[***] Summary: [***]
25 new OPEN, 47 new PRO (25 + 22). Get2, Fifteencandle, Grandoreiro Downloader and Various Phish
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-26T22:00:04.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030795 - ET TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
2030796 - ET TROJAN Observed Get2 CnC Domain in TLS SNI (trojan.rules)
2030797 - ET TROJAN W32/Downloader_x.EJK!tr CnC Activity (trojan.rules)
2030798 - ET MALWARE Win32/InstallCore.GF CnC Activity (malware.rules)
2030799 - ET POLICY Observed Packity Proxy Domain in TLS SNI (policy.rules)
2030800 - ET POLICY Packity Proxy Connection (policy.rules)
2030801 - ET TROJAN Grandoreiro Downloader Activity (trojan.rules)
Pro:
2844156 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-26 1) (trojan.rules)
2844157 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-26 2) (trojan.rules)
2844158 - ETPRO TROJAN Fifteencandle DynDNS Domain Observed (trojan.rules)
2844159 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-08-26 (current_events.rules)
2844160 - ETPRO CURRENT_EVENTS Successful Bell Email Phish 2020-08-26 (current_events.rules)
2844161 - ETPRO CURRENT_EVENTS Successful KBC Phish 2020-08-26 (current_events.rules)
2844162 - ETPRO TROJAN Win32/Remcos RAT Checkin 525 (trojan.rules)
2844163 - ETPRO TROJAN Win32/Remcos RAT Checkin 526 (trojan.rules)
2844164 - ETPRO TROJAN Win32/Remcos RAT Checkin 527 (trojan.rules)
2844165 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844166 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)