[***] Summary: [***]
7 new OPEN, 22 new PRO (7 + 15). GoldenSpy, Babax Stealer, Kotya, AgentTesla Variant and Various Phish
Thanks: @pyhoma07 and @james_inthe_box
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-27T22:27:48.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030802 - ET INFO Suspicious GET To gate.php with no Referer (info.rules)
2030803 - ET TROJAN GoldenSpy Domain Observed (trojan.rules)
2030804 - ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218) (exploit.rules)
2030805 - ET TROJAN Babax Stealer Exfil via Telegram (trojan.rules)
2030806 - ET TROJAN Win32/AgentTesla Variant Exfil via Telegram (trojan.rules)
2030807 - ET TROJAN Grandoreiro CnC Activity (vbs) (trojan.rules)
2030808 - ET TROJAN Grandoreiro CnC Activity (iso) (trojan.rules)
Pro:
2844167 - ETPRO TROJAN Observed MSIL/AntiWD.YA!MTB CnC Domain in TLS SNI (trojan.rules)
2844168 - ETPRO TROJAN MSIL/AntiWD.YA!MTB Stealer CnC Exfil (trojan.rules)
2844169 - ETPRO TROJAN Win32/Kotya Stealer CnC Exfil (trojan.rules)
2844170 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-27 (current_events.rules)
2844171 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-27 (current_events.rules)
2844172 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-08-27 (current_events.rules)
2844173 - ETPRO CURRENT_EVENTS Successful Shaw Phish 2020-08-27 (current_events.rules)
2844174 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-27 (current_events.rules)
2844175 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2844176 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2844177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-27 1) (trojan.rules)
2844178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-27 2) (trojan.rules)
2844179 - ETPRO TROJAN Win32/Remcos RAT Checkin 528 (trojan.rules)
2844180 - ETPRO TROJAN Win32/Remcos RAT Checkin 529 (trojan.rules)
2844181 - ETPRO TROJAN PoshAdvisor CnC Activity (trojan.rules)