[***] Summary: [***]
8 new OPEN, 16 new PRO (8 + 8). Zyklon, Xetapp, Lemon Duck, Turla, Magecart.
Thanks to @500mk500 and @SeraphimDomain
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-09-02T21:45:05.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030822 - ET MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f (DNS Lookup) (mobile_malware.rules)
2030823 - ET TROJAN Zyklon CnC Activity (trojan.rules)
2030824 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030825 - ET MALWARE Win32/Xetapp Installer Checkin (malware.rules)
2030826 - ET TROJAN Lemon_Duck Linux Shell Script CnC Activity (trojan.rules)
2030827 - ET TROJAN Lemon_Duck CnC Activity (trojan.rules)
2030828 - ET TROJAN Observed MageCart CnC Domain in TLS SNI (trojan.rules)
2030829 - ET TROJAN TURLA APT CnC Activity (trojan.rules)
Pro:
2844252 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f Checkin (mobile_malware.rules)
2844253 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-02 1) (trojan.rules)
2844254 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-02 2) (trojan.rules)
2844255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-02 3) (trojan.rules)
2844256 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-02 (current_events.rules)
2844257 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-02 (current_events.rules)
2844258 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish 2020-09-02 (current_events.rules)
2844259 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish 2020-09-02 (current_events.rules)