Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/08/28

[***]            Summary:            [***]

6 new OPEN, 23 new PRO (6 + 17). CaptainCha, MSIL/PSW.Agent.RXY, DonotGroup, and VARIOUS PHISHING

Thanks: @James_inthe_box.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-08-28T22:05:15.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030809 - ET TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)
  2030810 - ET CURRENT_EVENTS Fedex Phishing Landing on Appspot Hosting
(current_events.rules)
  2030811 - ET CURRENT_EVENTS GET Request to Googleapis Hosting (set)
(current_events.rules)
  2030812 - ET TROJAN MSIL/CoinMiner Performing System Checkin
(trojan.rules)
  2030813 - ET TROJAN C3Pool CoinMiner Setup Script Download (trojan.rules)
  2030814 - ET USER_AGENTS Suspicious User-Agent (boostsoftware-urlexists)
(user_agents.rules)

Pro:

  2844182 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2020-08-28
(current_events.rules)
  2844183 - ETPRO CURRENT_EVENTS Successful Union Bank Phish 2020-08-28
(current_events.rules)
  2844184 - ETPRO TROJAN MSIL/PSW.Agent.RXY CnC Host Checkin (trojan.rules)
  2844185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-28 1) (trojan.rules)
  2844186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-28 2) (trojan.rules)
  2844187 - ETPRO MOBILE_MALWARE Android DonotGroup Payload - CnC Checkin
(mobile_malware.rules)
  2844188 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844189 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844190 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844191 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844192 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844193 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844194 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844195 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844196 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844197 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)
  2844198 - ETPRO TROJAN CaptainCha CnC in DNS Lookup (trojan.rules)

[---]         Disabled rules:        [---]

  2812015 - ETPRO TROJAN Python/FBook.B CnC Beacon 2 (trojan.rules)

[---]         Removed rules:         [---]

  2843702 - ETPRO TROJAN MassLogger Client Data Exfil SMTP (trojan.rules)

Date:
Summary title:
6 new OPEN, 23 new PRO (6 + 17). CaptainCha, MSIL/PSW.Agent.RXY, DonotGroup, and VARIOUS PHISHING