[***]            Summary:            [***]

3 new OPEN, 28 new PRO (3 + 25). Bazar Backdoor, Zonebac, Coinminers, Various Phishing.

Tks @bryceabdo

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-09-01T21:59:43.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030819 - ET INFO Suspicious HTTP POST to 404.php (info.rules)
  2030820 - ET TROJAN Observed Malicious SSL Cert (Bazar Backdoor) (trojan.rules)
  2030821 - ET MALWARE Win32/Zonebac Traffic Redirect (malware.rules)

Pro:

  2844227 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 1) (trojan.rules)
  2844228 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 2) (trojan.rules)
  2844229 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 3) (trojan.rules)
  2844230 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 4) (trojan.rules)
  2844231 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 5) (trojan.rules)
  2844232 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-01 6) (trojan.rules)
  2844233 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-09-01 (current_events.rules)
  2844234 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-09-01 (current_events.rules)
  2844235 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-09-01 (current_events.rules)
  2844236 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-09-01 (current_events.rules)
  2844237 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-09-01 (current_events.rules)
  2844238 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-09-01 (current_events.rules)
  2844239 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-09-01 (current_events.rules)
  2844240 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2020-09-01 (current_events.rules)
  2844241 - ETPRO CURRENT_EVENTS Successful Amazon DE Phish 2020-09-01 (current_events.rules)
  2844242 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish 2020-09-01 (current_events.rules)
  2844243 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-01 (current_events.rules)
  2844244 - ETPRO TROJAN Win32/TrojanDropper.VB.OJU CnC Activity (trojan.rules)
  2844245 - ETPRO TROJAN Win32/TrojanDownloader.CWS Variant CnC Activity (trojan.rules)
  2844246 - ETPRO MALWARE Bazar Backdoor CnC Activity (malware.rules)
  2844247 - ETPRO TROJAN Win32/Kryptik.DNFZ Checkin (trojan.rules)
  2844248 - ETPRO TROJAN Win32/Kryptik.DNFZ Exfiltration (trojan.rules)
  2844249 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844250 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)
  2844251 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2020-09-01 (current_events.rules)
