[***]            Summary:            [***]

7 new OPEN, 22 new PRO (7 + 15). GoldenSpy, Babax Stealer, Kotya, AgentTesla Variant and Various Phish

Thanks: @pyhoma07 and @james_inthe_box

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-27T22:27:48.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030802 - ET INFO Suspicious GET To gate.php with no Referer (info.rules)
  2030803 - ET TROJAN GoldenSpy Domain Observed (trojan.rules)
  2030804 - ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218) (exploit.rules)
  2030805 - ET TROJAN Babax Stealer Exfil via Telegram (trojan.rules)
  2030806 - ET TROJAN Win32/AgentTesla Variant Exfil via Telegram (trojan.rules)
  2030807 - ET TROJAN Grandoreiro CnC Activity (vbs) (trojan.rules)
  2030808 - ET TROJAN Grandoreiro CnC Activity (iso) (trojan.rules)

Pro:

  2844167 - ETPRO TROJAN Observed MSIL/AntiWD.YA!MTB CnC Domain in TLS SNI (trojan.rules)
  2844168 - ETPRO TROJAN MSIL/AntiWD.YA!MTB Stealer CnC Exfil (trojan.rules)
  2844169 - ETPRO TROJAN Win32/Kotya Stealer CnC Exfil (trojan.rules)
  2844170 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-27 (current_events.rules)
  2844171 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-27 (current_events.rules)
  2844172 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-08-27 (current_events.rules)
  2844173 - ETPRO CURRENT_EVENTS Successful Shaw Phish 2020-08-27 (current_events.rules)
  2844174 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-27 (current_events.rules)
  2844175 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2844176 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
  2844177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-27 1) (trojan.rules)
  2844178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-27 2) (trojan.rules)
  2844179 - ETPRO TROJAN Win32/Remcos RAT Checkin 528 (trojan.rules)
  2844180 - ETPRO TROJAN Win32/Remcos RAT Checkin 529 (trojan.rules)
  2844181 - ETPRO TROJAN PoshAdvisor CnC Activity (trojan.rules)
