[***] Summary: [***]
1 new OPEN, 24 new PRO (1 + 23). AlienCrypter, XStealer, Remcos, EvilNum, DCRat, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-09T23:01:39.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030850 - ET INFO Microsoft Malware Protection User-Agent Observed to Non-Microsoft Domain (info.rules)
Pro:
2844328 - ETPRO TROJAN MSIL/AlienCrypter Activity (Outbound) (trojan.rules)
2844329 - ETPRO TROJAN MSIL/AlienCrypter Activity (Inbound) (trojan.rules)
2844330 - ETPRO INFO Observed SSL Cert (Kubernetes Default Fake SSL Cert) (info.rules)
2844331 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2844332 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-09 1) (trojan.rules)
2844333 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-09 2) (trojan.rules)
2844334 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-09 3) (trojan.rules)
2844335 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-09 (current_events.rules)
2844336 - ETPRO CURRENT_EVENTS Successful Dropbox Business Phish 2020-09-09 (current_events.rules)
2844337 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-09 (current_events.rules)
2844338 - ETPRO TROJAN XStealer CnC Host Checkin (trojan.rules)
2844339 - ETPRO TROJAN XStealer CnC Credential Exfil (trojan.rules)
2844340 - ETPRO CURRENT_EVENTS Successful BMO Phish 2020-09-09 (current_events.rules)
2844341 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-09 (current_events.rules)
2844342 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-09 (current_events.rules)
2844343 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-09-09 (current_events.rules)
2844344 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-09 (current_events.rules)
2844345 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-09 (current_events.rules)
2844346 - ETPRO TROJAN Observed DCRat CnC Domain in TLS SNI (trojan.rules)
2844347 - ETPRO TROJAN Win32/Remcos RAT Checkin 534 (trojan.rules)
2844348 - ETPRO TROJAN Win32/Remcos RAT Checkin 535 (trojan.rules)
2844349 - ETPRO TROJAN EvilNum CnC Activity M2 (trojan.rules)
2844350 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-09-09 (current_events.rules)
[///] Modified active rules: [///]
2002663 - ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection attempt (web_specific_apps.rules)
2004053 - ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category SELECT (web_specific_apps.rules)
2004054 - ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category UNION
[---] Disabled and modified rules: [---]
2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent Observed (user_agents.rules)
[---] Disabled rules: [---]
2020860 - ET TROJAN Malicious Office Doc CnC Beacon (trojan.rules)
[---] Removed rules: [---]
2030845 - ET TROJAN Win32/NixScare Stealer CnC Checkin (trojan.rules)