[***] Summary: [***]
6 new OPEN, 23 new PRO (6 + 17). CaptainCha, MSIL/PSW.Agent.RXY, DonotGroup, and VARIOUS PHISHING
Thanks: @James_inthe_box.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-28T22:05:15.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030809 - ET TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)
2030810 - ET CURRENT_EVENTS Fedex Phishing Landing on Appspot Hosting (current_events.rules)
2030811 - ET CURRENT_EVENTS GET Request to Googleapis Hosting (set) (current_events.rules)
2030812 - ET TROJAN MSIL/CoinMiner Performing System Checkin (trojan.rules)
2030813 - ET TROJAN C3Pool CoinMiner Setup Script Download (trojan.rules)
2030814 - ET USER_AGENTS Suspicious User-Agent (boostsoftware-urlexists) (user_agents.rules)
Pro:
2844182 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2020-08-28 (current_events.rules)
2844183 - ETPRO CURRENT_EVENTS Successful Union Bank Phish 2020-08-28 (current_events.rules)
2844184 - ETPRO TROJAN MSIL/PSW.Agent.RXY CnC Host Checkin (trojan.rules)
2844185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-28 1) (trojan.rules)
2844186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-28 2) (trojan.rules)
2844187 - ETPRO MOBILE_MALWARE Android DonotGroup Payload - CnC Checkin (mobile_malware.rules)
2844188 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844189 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844190 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844191 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844192 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844193 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844194 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844195 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844196 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844197 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
2844198 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
[---] Disabled rules: [---]
2812015 - ETPRO TROJAN Python/FBook.B CnC Beacon 2 (trojan.rules)
[---] Removed rules: [---]
2843702 - ETPRO TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)