[***]            Summary:            [***]

8 new OPEN, 32 new PRO (8 + 24). TaskPerformer, vBulletin, Juliens Botnet, Various Phishing.

Tks @James_inthe_box

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-09-04T22:34:08.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2011391 - ET MALWARE Win32/Agent.PMS Variant CnC Activity (malware.rules)
  2030014 - ET MALWARE Observed DNS Query to Malvertising Related Domain (malware.rules)
  2030831 - ET TROJAN Win32/TaskPerformer Downloader CnC Activity (trojan.rules)
  2030832 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Outbound) (exploit.rules)
  2030833 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Inbound) (exploit.rules)
  2030834 - ET TROJAN MSIL/Juliens Botnet CnC Activity M1 (trojan.rules)
  2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent Observed (user_agents.rules)
  2030836 - ET MALWARE Haken Clicker CnC Activity (malware.rules)

Pro:

  2843172 - ETPRO MALWARE Win32/Ditertag.A Download Activity (malware.rules)
  2843300 - ETPRO MALWARE Win32/StartSurf Activity (malware.rules)
  2844278 - ETPRO TROJAN Win32/Fsysna.hpqj Keep-Alive (Inbound) (trojan.rules)
  2844279 - ETPRO TROJAN Win32/Fsysna.hpqj Keep-Alive (Outbound) (trojan.rules)
  2844280 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
  2844281 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
  2844282 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
  2844283 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-09-04 (current_events.rules)
  2844284 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-09-04 (current_events.rules)
  2844285 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-04 (current_events.rules)
  2844286 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-09-04 (current_events.rules)
  2844287 - ETPRO CURRENT_EVENTS Successful Alterna Savings Bank Phish 2020-09-04 (current_events.rules)
  2844288 - ETPRO CURRENT_EVENTS Successful Alterna Savings Bank Phish 2020-09-04 (current_events.rules)
  2844289 - ETPRO CURRENT_EVENTS Successful Vmware Phish 2020-09-04 (current_events.rules)
  2844290 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish 2020-09-04 (current_events.rules)
  2844291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-04 1) (trojan.rules)
  2844292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-04 2) (trojan.rules)
  2844293 - ETPRO TROJAN MSIL/Juliens Botnet Data Exfil (trojan.rules)
  2844294 - ETPRO TROJAN MSIL/Juliens Botnet Checkin (trojan.rules)
  2844295 - ETPRO TROJAN MSIL/Juliens Botnet Keylogger Upload (trojan.rules)
  2844296 - ETPRO TROJAN MSIL/Juliens Botnet Screenshot Upload (trojan.rules)
  2844297 - ETPRO TROJAN Observed MSIL/Juliens Botnet CnC Domain in TLS SNI (trojan.rules)
  2844298 - ETPRO TROJAN Win32/Remcos RAT Checkin 531 (trojan.rules)
  2844299 - ETPRO TROJAN MSIL/Juliens Botnet User-Agent (trojan.rules)
