[***]            Summary:            [***]

4 new OPEN, 24 new PRO (4 + 20). APT29, Joker, Remcos, PSWORM, Masad Stealer, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-08T22:16:34.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030846 - ET TROJAN APT29/Wellness CnC Host Checkin (trojan.rules)
  2030847 - ET USER_AGENTS Microsoft Windows Vista UA - Commonly Abused (user_agents.rules)
  2030848 - ET TROJAN Win32/Spy.Agent.PZE Variant CnC Activity (trojan.rules)
  2030849 - ET MOBILE_MALWARE Android Joker CnC Configuration Retrieval (mobile_malware.rules)

Pro:

  2844308 - ETPRO TROJAN Win32/Stealer.tnf CnC Exfil (trojan.rules)
  2844309 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) (info.rules)
  2844310 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) M2 (info.rules)
  2844311 - ETPRO TROJAN Win64/Spy.Agent.CL CnC Activity (trojan.rules)
  2844312 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-09-08) (trojan.rules)
  2844313 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
  2844314 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
  2844315 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
  2844316 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
  2844317 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-09-08 (current_events.rules)
  2844318 - ETPRO CURRENT_EVENTS Successful Huntington Phish 2020-09-08 (current_events.rules)
  2844319 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-09-08 (current_events.rules)
  2844320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 1) (trojan.rules)
  2844321 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 2) (trojan.rules)
  2844322 - ETPRO TROJAN Observed MSIL/MythBot CnC Domain in TLS SNI (trojan.rules)
  2844323 - ETPRO TROJAN Masad Stealer Exfil Via Telegram M2 (trojan.rules)
  2844324 - ETPRO TROJAN Win32/Remcos RAT Checkin 532 (trojan.rules)
  2844325 - ETPRO TROJAN Win32/Remcos RAT Checkin 533 (trojan.rules)
  2844326 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844327 - ETPRO TROJAN PSWORM CnC Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2001197 - ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt (web_specific_apps.rules)
  2004041 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id SELECT (web_specific_apps.rules)
  2004042 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UNION SELECT (web_specific_apps.rules)
  2840550 - ETPRO TROJAN Masad Stealer Exfil Via Telegram M1 (trojan.rules)
  2843120 - ETPRO TROJAN Win32.Staser.dspk (trojan.rules)
  2844275 - ETPRO TROJAN MassLogger Client Exfil via FTP M2 (trojan.rules)

[---]         Removed rules:         [---]

  2844300 - ETPRO POLICY Observed DNS Query to Dynamic DNS Service (policy.rules)
