Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/09/09

[***]            Summary:            [***]

1 new OPEN, 24 new PRO (1 + 23). AlienCrypter, XStealer, Remcos, EvilNum, DCRat, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-09T23:01:39.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030850 - ET INFO Microsoft Malware Protection User-Agent Observed
to Non-Microsoft Domain (info.rules)

Pro:

  2844328 - ETPRO TROJAN MSIL/AlienCrypter Activity (Outbound) (trojan.rules)
  2844329 - ETPRO TROJAN MSIL/AlienCrypter Activity (Inbound) (trojan.rules)
  2844330 - ETPRO INFO Observed SSL Cert (Kubernetes Default Fake SSL
Cert) (info.rules)
  2844331 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2844332 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-09 1) (trojan.rules)
  2844333 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-09 2) (trojan.rules)
  2844334 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-09 3) (trojan.rules)
  2844335 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-09-09 (current_events.rules)
  2844336 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish
2020-09-09 (current_events.rules)
  2844337 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-09
(current_events.rules)
  2844338 - ETPRO TROJAN XStealer CnC Host Checkin (trojan.rules)
  2844339 - ETPRO TROJAN XStealer CnC Credential Exfil (trojan.rules)
  2844340 - ETPRO CURRENT_EVENTS Successful BMO Phish 2020-09-09
(current_events.rules)
  2844341 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-09-09 (current_events.rules)
  2844342 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-09-09 (current_events.rules)
  2844343 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-09-09 (current_events.rules)
  2844344 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-09
(current_events.rules)
  2844345 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-09-09 (current_events.rules)
  2844346 - ETPRO TROJAN Observed DCRat CnC Domain in TLS SNI (trojan.rules)
  2844347 - ETPRO TROJAN Win32/Remcos RAT Checkin 534 (trojan.rules)
  2844348 - ETPRO TROJAN Win32/Remcos RAT Checkin 535 (trojan.rules)
  2844349 - ETPRO TROJAN EvilNum CnC Activity M2 (trojan.rules)
  2844350 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-09-09
(current_events.rules)

[///]     Modified active rules:     [///]

  2002663 - ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection
attempt (web_specific_apps.rules)
  2004053 - ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt --
category.php id_category SELECT (web_specific_apps.rules)
  2004054 - ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt --
category.php id_category UNION

[---]  Disabled and modified rules:  [---]

  2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent
Observed (user_agents.rules)

[---]         Disabled rules:        [---]

  2020860 - ET TROJAN Malicious Office Doc CnC Beacon (trojan.rules)

[---]         Removed rules:         [---]

  2030845 - ET TROJAN Win32/NixScare Stealer CnC Checkin (trojan.rules)

Date:
Summary title:
1 new OPEN, 24 new PRO (1 + 23). AlienCrypter, XStealer, Remcos, EvilNum, DCRat, Various Phishing.