[***]            Summary:            [***]

0 new OPEN, 13 new PRO (0 + 13). MalDoc, BazaLoader, IcedID, AZORult, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-10T22:25:03.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2844351 - ETPRO TROJAN MalDoc Retrieving Payload 2020-09-10 (trojan.rules)
  2844352 - ETPRO TROJAN MalDoc Retrieving Payload 2020-09-10 M2 (trojan.rules)
  2844353 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
  2844354 - ETPRO MALWARE Observed Suspicious SSL Cert (WhatsApp Spam
Tool) (malware.rules)
  2844355 - ETPRO TROJAN Observed BazaLoader User-Agent (trojan.rules)
  2844356 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-10 1) (trojan.rules)
  2844357 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-10 2) (trojan.rules)
  2844358 - ETPRO TROJAN Backdoor.Win32.Hupigon.skwx Checkin M2 (trojan.rules)
  2844359 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844360 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)
  2844362 - ETPRO TROJAN Win32/Dynamer Variant Checkin (trojan.rules)
  2844363 - ETPRO MALWARE Tibia Helper Tool (malware.rules)
  2844364 - ETPRO CURRENT_EVENTS Successful USAA Credential Phish
2020-09-10 (current_events.rules)

[///]     Modified active rules:     [///]

  2002879 - ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote
File Include Attempt (web_specific_apps.rules)
  2002901 - ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH
Remote File Include Attempt (web_specific_apps.rules)
  2004005 - ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt --
index.php id SELECT (web_specific_apps.rules)