[***]            Summary:            [***]

8 new OPEN, 29 new PRO (8 + 21). PowerGhost, PoetRAT, Remcos, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-10-12T22:13:40.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030995 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2030996 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2030997 - ET EXPLOIT Possible MobileIron RCE Attempt Inbound (CVE-2020-15505) (exploit.rules)
  2030998 - ET TROJAN PowerGhost Staging CnC in DNS Query (trojan.rules)
  2030999 - ET TROJAN PowerGhost Checkin CnC in DNS Query (trojan.rules)
  2031000 - ET POLICY Observed SSL Cert (Pastebin-style Service nrecom) (policy.rules)
  2031001 - ET POLICY Pastebin-style Service nrecom in DNS Query (policy.rules)
  2031002 - ET TROJAN PoetRAT Upload via HTTP (trojan.rules)

Pro:

  2844884 - ETPRO TROJAN MSIL/Kryptik.YAP CnC Checkin (trojan.rules)
  2844885 - ETPRO TROJAN Win32/Zpevdo.B Variant CnC Checkin (trojan.rules)
  2844886 - ETPRO POLICY External IP Lookup via api. wipmania .com (policy.rules)
  2844887 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
  2844888 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-10 1) (trojan.rules)
  2844889 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-12 (current_events.rules)
  2844890 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-12 (current_events.rules)
  2844891 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-12 (current_events.rules)
  2844892 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-12 (current_events.rules)
  2844893 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-10-12 (current_events.rules)
  2844894 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-10-12 (current_events.rules)
  2844895 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-12 (current_events.rules)
  2844896 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-12 (current_events.rules)
  2844897 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-10-12 (current_events.rules)
  2844898 - ETPRO CURRENT_EVENTS Successful Facebook FR Phish 2020-10-12 (current_events.rules)
  2844899 - ETPRO TROJAN PowerGhost RAT XORed (0x86) CnC Checkin M1 (trojan.rules)
  2844900 - ETPRO TROJAN PowerGhost RAT XORed (0x86) CnC Checkin M2 (trojan.rules)
  2844901 - ETPRO TROJAN PowerGhost RAT XORed (0x86) CnC Checkin M3 (trojan.rules)
  2844902 - ETPRO TROJAN Win32/Remcos RAT Checkin 559 (trojan.rules)
  2844903 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844904 - ETPRO CURRENT_EVENTS Successful Banco Galicia Phish 2020-10-12 (current_events.rules)

[///]     Modified active rules:     [///]

  2001706 - ET MALWARE Context Plus Spyware User-Agent (Envolo) (malware.rules)
  2001707 - ET MALWARE Shop at Home Select Spyware User-Agent (SAH) (malware.rules)
  2001864 - ET MALWARE Fun Web Products Spyware User-Agent (MyWay) (malware.rules)
  2001865 - ET MALWARE MyWebSearch Spyware User-Agent (MyWebSearch) (malware.rules)
  2001868 - ET MALWARE Spyware User-Agent (sureseeker) (malware.rules)
  2003346 - ET MALWARE Errorsafe.com Fake antispyware User-Agent (ErrorSafe) (malware.rules)

[---]  Disabled and modified rules:  [---]

  2001867 - ET MALWARE Search Engine 2000 Spyware User-Agent (searchengine) (malware.rules)
  2001870 - ET MALWARE Surfplayer Spyware User-Agent (SurferPlugin) (malware.rules)
  2002002 - ET MALWARE Better Internet Spyware User-Agent (thnall) (malware.rules)
  2002071 - ET MALWARE XupiterToolbar Spyware User-Agent (XupiterToolbar) (malware.rules)
  2002808 - ET MALWARE Spyaxe Spyware User-Agent (spywareaxe) (malware.rules)
  2003406 - ET MALWARE Mysearch.com Spyware User-Agent (iMeshBar) (malware.rules)
  2003468 - ET MALWARE Oemji Spyware User-Agent (Oemji) (malware.rules)
  2019156 - ET MALWARE W32/Kyle Malvertising.Dropper CnC Beacon (malware.rules)
  2805909 - ETPRO MALWARE drspyzero Checkin (malware.rules)
  2806047 - ETPRO MALWARE Win32/Adware.Kraddare.CX Checkin (malware.rules)
  2806051 - ETPRO MALWARE Adware.Statblaster.T Checkin (malware.rules)
  2806199 - ETPRO MALWARE Win32/Cinmus.N Checkin (malware.rules)
  2806709 - ETPRO MALWARE Server-Web.Win32.NetBox.c Checkin (malware.rules)
  2806891 - ETPRO MALWARE Downloader/Win32.Adload Checkin (malware.rules)
  2807163 - ETPRO MALWARE Adware/AccesMembre Checkin (malware.rules)
  2807334 - ETPRO MALWARE Win32/Adware.VrBrothers.AA Checkin (malware.rules)
  2807337 - ETPRO MALWARE Adware.Agent.NRL Checkin (malware.rules)
  2808333 - ETPRO MALWARE W32/OnlineGames.HI.gen!Eldorado Checkin (malware.rules)
  2808440 - ETPRO MALWARE AdWare.Filcout Install (malware.rules)
  2808573 - ETPRO MALWARE PUP Win32/HiddenStart.B Checkin (malware.rules)
  2808580 - ETPRO TROJAN BKDR_QULKONWI.GHR Checkin (trojan.rules)
  2808591 - ETPRO MALWARE PUP.Optional.OneMoreGame.A checkin (malware.rules)
  2808623 - ETPRO MALWARE Adware C2 via Twitter (malware.rules)
  2808704 - ETPRO MALWARE PUP Win32/Adware.MediaFinder Checkin 2 (malware.rules)
  2809128 - ETPRO MALWARE SUSPICIOUS GEO IP Check (Optimizer Pro) (malware.rules)
  2809558 - ETPRO MALWARE PUP.Win32.Spigot Checkin (malware.rules)
  2810833 - ETPRO MALWARE Win32.SoftPulse Downloading Components (malware.rules)
  2810953 - ETPRO MALWARE Unknown Malware Checkin (malware.rules)
