[***] Summary: [***]
0 new OPEN, 25 new PRO (0 + 25). Android/Xinglin, Cobalt Strike, HiddenTear, RevengeRAT, Remcos, Various Phishing.
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-10-15T22:07:34.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2844956 - ETPRO MOBILE_MALWARE Android/Xinglin Checkin (mobile_malware.rules)
2844957 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.dsnack Reporting Geolocation (mobile_malware.rules)
2844958 - ETPRO MALWARE MSIL/Adware.TekhNetvork.D Activity (malware.rules)
2844959 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-10-15) (trojan.rules)
2844960 - ETPRO TROJAN Observed DNS Query to MalDoc DL Domain 2020-10-15 (trojan.rules)
2844961 - ETPRO TROJAN Cobalt Strike Malleable C2 (MS Azure Backup Profile) (trojan.rules)
2844962 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-10-15 (current_events.rules)
2844963 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish 2020-10-15 (current_events.rules)
2844964 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-15 (current_events.rules)
2844965 - ETPRO CURRENT_EVENTS Successful Excel Phish 2020-10-15 (current_events.rules)
2844966 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-10-15 (current_events.rules)
2844967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-15 1) (trojan.rules)
2844968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-15 2) (trojan.rules)
2844969 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-10-15 (current_events.rules)
2844970 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-15 (current_events.rules)
2844971 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Initial Checkin (trojan.rules)
2844972 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Host Checkin (trojan.rules)
2844973 - ETPRO TROJAN Ransomware HiddenTear Variant CnC Activity (trojan.rules)
2844974 - ETPRO TROJAN RevengeRAT CnC Logging Activity (trojan.rules)
2844975 - ETPRO TROJAN Casbaneiro CnC Host Checkin (trojan.rules)
2844976 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FGZ CnC Host Checkin (trojan.rules)
2844977 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2020-10-15 (current_events.rules)
2844978 - ETPRO TROJAN MSIL/Keylogger Vaper Data Exfil (trojan.rules)
2844979 - ETPRO TROJAN Win32/Remcos RAT Checkin 563 (trojan.rules)
2844980 - ETPRO GAMES MyGames Loader Activity (Checkin) (games.rules)
[///] Modified active rules: [///]
2011285 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like Jcomers Bot scan) (web_server.rules)
2013964 - ET TROJAN Suspicious UA Mozilla / 4.0 (trojan.rules)
2014116 - ET TROJAN Suspicious User-Agent build - possibly Delf/Troxen/Zema (trojan.rules)
2019841 - ET TROJAN Win32/Swrort.A Checkin 2 (trojan.rules)
2020380 - ET TROJAN Possible Deep Panda User-Agent (trojan.rules)
[---] Disabled and modified rules: [---]
2800957 - ETPRO MALWARE RogueSoftware.Win32.RClean User-Agent (malware.rules)
2803310 - ETPRO MALWARE SmartCleaner Related FakeAV User-Agent (malware.rules)
2803703 - ETPRO USER_AGENTS Win32/Joiner.A User-Agent (Microsoft Windows - Output Audio Director) (user_agents.rules)
2808357 - ETPRO MOBILE_MALWARE Android/TelMan.A Checkin (mobile_malware.rules)
2816479 - ETPRO TROJAN Win32.Diple.O Checkin (trojan.rules)
2820048 - ETPRO TROJAN Win32/Barkiofork CnC Beacon 2 (trojan.rules)