[***]            Summary:            [***]

4 new OPEN, 32 new PRO (4 + 28). Upatre, IDDRAT, IcedID, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-08-31T22:01:39.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030815 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
  2030816 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
  2030817 - ET CURRENT_EVENTS Caixa Phishing Landing (current_events.rules)
  2030818 - ET TROJAN Upatre User-Agent (trojan.rules)

Pro:

  2844199 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload 2020-08-31 (current_events.rules)
  2844200 - ETPRO TROJAN Win32/IDDRAT CnC Server Command Inbound (GETID) (trojan.rules)
  2844201 - ETPRO TROJAN Win32/IDDRAT CnC Checkin (trojan.rules)
  2844202 - ETPRO TROJAN Win32/IDDRAT CnC Server Command Inbound (SRDV) (trojan.rules)
  2844203 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-08-31) (trojan.rules)
  2844204 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2020-08-28 (current_events.rules)
  2844205 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-29 1) (trojan.rules)
  2844206 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-29 2) (trojan.rules)
  2844207 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-29 3) (trojan.rules)
  2844208 - ETPRO TROJAN Win32/VB.NVR CnC Host Checkin (trojan.rules)
  2844209 - ETPRO TROJAN Win32/Spy.Agent.PVI Variant CnC Host Checkin (trojan.rules)
  2844210 - ETPRO CURRENT_EVENTS Successful Bank of Guam Phish 2020-08-31 (current_events.rules)
  2844211 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-08-31 (current_events.rules)
  2844212 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-08-31 (current_events.rules)
  2844213 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish 2020-08-31 (current_events.rules)
  2844214 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish 2020-08-31 (current_events.rules)
  2844215 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-08-31 (current_events.rules)
  2844216 - ETPRO CURRENT_EVENTS Successful Dynamic DNS Hosted Generic Phish 2020-08-31 (sytes.net) (current_events.rules)
  2844217 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-08-31 (current_events.rules)
  2844218 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-08-31 (current_events.rules)
  2844219 - ETPRO TROJAN Win32/Agent.ZJL CnC Activity (trojan.rules)
  2844220 - ETPRO TROJAN Win32/Remcos RAT Checkin 530 (trojan.rules)
  2844221 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844222 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844223 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844224 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844225 - ETPRO WEB_CLIENT Malicious WebInject Panel Accesssed on Internally Compromised Server (web_client.rules)
  2844226 - ETPRO WEB_CLIENT Malicious Webinject Panel Accesssed on Externally Compromised Server (web_client.rules)

[///]    Modified inactive rules:    [///]

  2017250 - ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura) (current_events.rules)
