[***] Summary: [***]
8 new OPEN, 32 new PRO (8 + 24). TaskPerformer, vBulletin, Juliens Botnet, Various Phishing.
Tks @James_inthe_box
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-09-04T22:34:08.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2011391 - ET MALWARE Win32/Agent.PMS Variant CnC Activity (malware.rules)
2030014 - ET MALWARE Observed DNS Query to Malvertising Related Domain (malware.rules)
2030831 - ET TROJAN Win32/TaskPerformer Downloader CnC Activity (trojan.rules)
2030832 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Outbound) (exploit.rules)
2030833 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Inbound) (exploit.rules)
2030834 - ET TROJAN MSIL/Juliens Botnet CnC Activity M1 (trojan.rules)
2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent Observed (user_agents.rules)
2030836 - ET MALWARE Haken Clicker CnC Activity (malware.rules)
Pro:
2843172 - ETPRO MALWARE Win32/Ditertag.A Download Activity (malware.rules)
2843300 - ETPRO MALWARE Win32/StartSurf Activity (malware.rules)
2844278 - ETPRO TROJAN Win32/Fsysna.hpqj Keep-Alive (Inbound) (trojan.rules)
2844279 - ETPRO TROJAN Win32/Fsysna.hpqj Keep-Alive (Outbound) (trojan.rules)
2844280 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
2844281 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
2844282 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-09-04 (current_events.rules)
2844283 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-09-04 (current_events.rules)
2844284 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-09-04 (current_events.rules)
2844285 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-04 (current_events.rules)
2844286 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-09-04 (current_events.rules)
2844287 - ETPRO CURRENT_EVENTS Successful Alterna Savings Bank Phish 2020-09-04 (current_events.rules)
2844288 - ETPRO CURRENT_EVENTS Successful Alterna Savings Bank Phish 2020-09-04 (current_events.rules)
2844289 - ETPRO CURRENT_EVENTS Successful Vmware Phish 2020-09-04 (current_events.rules)
2844290 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish 2020-09-04 (current_events.rules)
2844291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-04 1) (trojan.rules)
2844292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-04 2) (trojan.rules)
2844293 - ETPRO TROJAN MSIL/Juliens Botnet Data Exfil (trojan.rules)
2844294 - ETPRO TROJAN MSIL/Juliens Botnet Checkin (trojan.rules)
2844295 - ETPRO TROJAN MSIL/Juliens Botnet Keylogger Upload (trojan.rules)
2844296 - ETPRO TROJAN MSIL/Juliens Botnet Screenshot Upload (trojan.rules)
2844297 - ETPRO TROJAN Observed MSIL/Juliens Botnet CnC Domain in TLS SNI (trojan.rules)
2844298 - ETPRO TROJAN Win32/Remcos RAT Checkin 531 (trojan.rules)
2844299 - ETPRO TROJAN MSIL/Juliens Botnet User-Agent (trojan.rules)