Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/10/15

[***]            Summary:            [***]

0 new OPEN, 25 new PRO (0 + 25). Android/Xinglin, Cobalt Strike, HiddenTear, RevengeRAT, Remcos, Various Phishing.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-10-15T22:07:34.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2844956 - ETPRO MOBILE_MALWARE Android/Xinglin Checkin (mobile_malware.rules)
  2844957 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dsnack Reporting
Geolocation (mobile_malware.rules)
  2844958 - ETPRO MALWARE MSIL/Adware.TekhNetvork.D Activity (malware.rules)
  2844959 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL
2020-10-15) (trojan.rules)
  2844960 - ETPRO TROJAN Observed DNS Query to MalDoc DL Domain
2020-10-15 (trojan.rules)
  2844961 - ETPRO TROJAN Cobalt Strike Malleable C2 (MS Azure Backup
Profile) (trojan.rules)
  2844962 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-10-15
(current_events.rules)
  2844963 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish 2020-10-15
(current_events.rules)
  2844964 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-10-15 (current_events.rules)
  2844965 - ETPRO CURRENT_EVENTS Successful Excel Phish 2020-10-15
(current_events.rules)
  2844966 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2020-10-15 (current_events.rules)
  2844967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-15 1) (trojan.rules)
  2844968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-15 2) (trojan.rules)
  2844969 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-10-15 (current_events.rules)
  2844970 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-10-15 (current_events.rules)
  2844971 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Initial
Checkin (trojan.rules)
  2844972 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Host
Checkin (trojan.rules)
  2844973 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Activity
(trojan.rules)
  2844974 - ETPRO TROJAN RevengeRAT CnC Logging Activity (trojan.rules)
  2844975 - ETPRO TROJAN Casbaneiro CnC Host Checkin (trojan.rules)
  2844976 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FGZ CnC Host
Checkin (trojan.rules)
  2844977 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-10-15
(current_events.rules)
  2844978 - ETPRO TROJAN MSIL/Keylogger Vaper Data Exfil (trojan.rules)
  2844979 - ETPRO TROJAN Win32/Remcos RAT Checkin 563 (trojan.rules)
  2844980 - ETPRO GAMES MyGames Loader Activity (Checkin) (games.rules)

[///]     Modified active rules:     [///]

  2011285 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like Jcomers Bot
scan) (web_server.rules)
  2013964 - ET TROJAN Suspicious UA Mozilla / 4.0 (trojan.rules)
  2014116 - ET TROJAN Suspicious User-Agent build - possibly
Delf/Troxen/Zema (trojan.rules)
  2019841 - ET TROJAN Win32/Swrort.A Checkin 2 (trojan.rules)
  2020380 - ET TROJAN Possible Deep Panda User-Agent (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2800957 - ETPRO MALWARE RogueSoftware.Win32.RClean User-Agent (malware.rules)
  2803310 - ETPRO MALWARE SmartCleaner Related FakeAV User-Agent (malware.rules)
  2803703 - ETPRO USER_AGENTS Win32/Joiner.A User-Agent (Microsoft
Windows - Output Audio Director) (user_agents.rules)
  2808357 - ETPRO MOBILE_MALWARE Android/TelMan.A Checkin (mobile_malware.rules)
  2816479 - ETPRO TROJAN Win32.Diple.O Checkin (trojan.rules)
  2820048 - ETPRO TROJAN Win32/Barkiofork CnC Beacon 2 (trojan.rules)

Date:
Summary title:
0 new OPEN, 25 new PRO (0 + 25). Android/Xinglin, Cobalt Strike, HiddenTear, RevengeRAT, Remcos, Various Phishing.