[***] Summary: [***]
0 new OPEN, 13 new PRO (0 + 13). MalDoc, BazaLoader, IcedID, AZORult, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-10T22:25:03.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2844351 - ETPRO TROJAN MalDoc Retrieving Payload 2020-09-10 (trojan.rules)
2844352 - ETPRO TROJAN MalDoc Retrieving Payload 2020-09-10 M2 (trojan.rules)
2844353 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2844354 - ETPRO MALWARE Observed Suspicious SSL Cert (WhatsApp Spam Tool) (malware.rules)
2844355 - ETPRO TROJAN Observed BazaLoader User-Agent (trojan.rules)
2844356 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-10 1) (trojan.rules)
2844357 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-10 2) (trojan.rules)
2844358 - ETPRO TROJAN Backdoor.Win32.Hupigon.skwx Checkin M2 (trojan.rules)
2844359 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844360 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2844362 - ETPRO TROJAN Win32/Dynamer Variant Checkin (trojan.rules)
2844363 - ETPRO MALWARE Tibia Helper Tool (malware.rules)
2844364 - ETPRO CURRENT_EVENTS Successful USAA Credential Phish 2020-09-10 (current_events.rules)
[///] Modified active rules: [///]
2002879 - ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt (web_specific_apps.rules)
2002901 - ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt (web_specific_apps.rules)
2004005 - ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id SELECT (web_specific_apps.rules)