[***]            Summary:            [***]

2 new OPEN, 32 new PRO (2 + 30). Win32/Phorpiex, NanoCore, MuddyWater, Remcos, SnakeKeylogger, Various Phish.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-11-17T23:02:48.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031147 - ET WEB_SPECIFIC_APPS Oracle WebLogic RCE Shell Inbound M2 (CVE-2020-14882) (web_specific_apps.rules)
  2031210 - ET TROJAN Win32/Phorpiex Template 6 Active - Outbound Malicious Email Spam (trojan.rules)

Pro:

  2845509 - ETPRO TROJAN NanoCore RAT CnC 28 (trojan.rules)
  2845510 - ETPRO USER_AGENTS non-standard curl User-Agent (user_agents.rules)
  2845511 - ETPRO TROJAN MuddyWater/SHARPSTATS System Info Exfil (trojan.rules)
  2845512 - ETPRO TROJAN MuddyWater Request for .dat (trojan.rules)
  2845513 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-17 1) (trojan.rules)
  2845514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-17 2) (trojan.rules)
  2845515 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-17 3) (trojan.rules)
  2845516 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-17 4) (trojan.rules)
  2845517 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-17 5) (trojan.rules)
  2845518 - ETPRO CURRENT_EVENTS Successful PSN Phish 2020-11-17 (current_events.rules)
  2845519 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-11-17 (current_events.rules)
  2845520 - ETPRO CURRENT_EVENTS Successful Banco Falabella Phish 2020-11-17 (current_events.rules)
  2845521 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-11-17 (current_events.rules)
  2845522 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-11-17 (current_events.rules)
  2845523 - ETPRO CURRENT_EVENTS Successful Generic Secure Invoice Phish 2020-11-17 (current_events.rules)
  2845524 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-17 (current_events.rules)
  2845525 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2020-11-17 (current_events.rules)
  2845526 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-11-17 (current_events.rules)
  2845527 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-11-17 (current_events.rules)
  2845528 - ETPRO TROJAN W32/Downloader.Llgergop Activity (trojan.rules)
  2845529 - ETPRO TROJAN W32/Gxwxt CnC Host Checkin (trojan.rules)
  2845530 - ETPRO TROJAN W32/Gxwxt CnC Activity (trojan.rules)
  2845531 - ETPRO TROJAN iSpy/HawkSpy Keylogger Reporting Infection via SMTP M4 (trojan.rules)
  2845532 - ETPRO TROJAN SnakeKeylogger Exfil via FTP M1 (trojan.rules)
  2845533 - ETPRO TROJAN SnakeKeylogger Exfil via FTP M2 (trojan.rules)
  2845534 - ETPRO TROJAN SnakeKeylogger Exfil via FTP M3 (trojan.rules)
  2845535 - ETPRO TROJAN SnakeKeylogger Exfil via FTP M4 (trojan.rules)
  2845536 - ETPRO TROJAN SnakeKeylogger Exfil via FTP M5 (trojan.rules)
  2845537 - ETPRO TROJAN Win32/Remcos RAT Checkin 610 (trojan.rules)
  2845538 - ETPRO TROJAN Win32/Remcos RAT Checkin 611 (trojan.rules)

[///]     Modified active rules:     [///]

  2007994 - ET INFO Suspicious User-Agent (1 space) (info.rules)
  2009549 - ET TROJAN Generic Downloader - HTTP POST (trojan.rules)
  2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
  2014803 - ET TROJAN VBS/Wimmie.A Set (trojan.rules)
  2017045 - ET TROJAN Possible Drive DDoS Check-in (trojan.rules)
  2017305 - ET TROJAN Win32/Cridex Checkin (trojan.rules)
  2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1 (trojan.rules)
  2020172 - ET TROJAN Known Sinkhole Response Header CERT.PL (trojan.rules)
  2023466 - ET EXPLOIT D-Link DSL-2740R Remote DNS Change Attempt (exploit.rules)
  2024019 - ET CURRENT_EVENTS Paypal Phishing Landing Feb 24 2017 (current_events.rules)
  2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)

[---]  Disabled and modified rules:  [---]

  2020157 - ET TROJAN Win32/Emotet.C Variant Checkin (trojan.rules)
  2806308 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin (mobile_malware.rules)
  2809518 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.az Checkin 2 (mobile_malware.rules)
  2828478 - ETPRO TROJAN VB.BadPatch Checkin (trojan.rules)

[---]         Removed rules:         [---]

  2031147 - ET EXPLOIT Oracle WebLogic RCE Shell Inbound (CVE-2020-14882) M2 (exploit.rules)
