[***] Summary: [***]
6 new OPEN, 26 new PRO (6 + 20). Multiple CVE, Mokes, AsyncRAT, Various Phish.
Thanks Kevin!
Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-11-19T23:14:06.txt
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031217 - ET TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
2031218 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2020-11-19 (current_events.rules)
2031219 - ET WEB_SPECIFIC_APPS Possible Apache Unomi MVEL Eval RCE Inbound M1 (CVE-2020-13942) (web_specific_apps.rules)
2031220 - ET WEB_SPECIFIC_APPS Possible Apache Unomi OGNL Eval RCE Inbound M2 (CVE-2020-13942) (web_specific_apps.rules)
2031221 - ET WEB_SPECIFIC_APPS Citrix XenMobile Server Directory Traversal Attempt Inbound (CVE-2020-8209) (web_specific_apps.rules)
2031222 - ET WEB_SPECIFIC_APPS Nette Command Injection Attempt Inbound (CVE-2020-15227) (web_specific_apps.rules)
Pro:
2845570 - ETPRO TROJAN Mokes CnC Activity (trojan.rules)
2845571 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2845572 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2845573 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-19 1) (trojan.rules)
2845574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-19 2) (trojan.rules)
2845575 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-19 3) (trojan.rules)
2845576 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-19 4) (trojan.rules)
2845577 - ETPRO CURRENT_EVENTS Successful SMBC JP Phish 2020-11-19 (current_events.rules)
2845578 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2020-11-19 (current_events.rules)
2845579 - ETPRO CURRENT_EVENTS Successful GTBank Phish 2020-11-19 (current_events.rules)
2845580 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19 (current_events.rules)
2845581 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19 (current_events.rules)
2845582 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19 (current_events.rules)
2845583 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish 2020-11-19 (current_events.rules)
2845584 - ETPRO WEB_SPECIFIC_APPS Possible Apache Solr ConfigSet RCE Inbound (CVE-2020-13957) (web_specific_apps.rules)
2845586 - ETPRO TROJAN Win32/Remcos RAT Checkin 614 (trojan.rules)
2845587 - ETPRO CURRENT_EVENTS Successful Facebook Credential Phish 2020-11-19 (current_events.rules)
2845588 - ETPRO CURRENT_EVENTS Successful Mechanics Bank Credential Phish 2020-11-19 (current_events.rules)
2845589 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Credential Phish 2020-11-19 (current_events.rules)
[///] Modified active rules: [///]
2002080 - ET MALWARE MySearch Products Spyware User-Agent (MySearch) (malware.rules)
2004168 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c ASCII (web_specific_apps.rules)
2006353 - ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa INSERT (web_specific_apps.rules)
2007885 - ET MALWARE Suspicious User-Agent (downloader) (malware.rules)
2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download (trojan.rules)
2008472 - ET POLICY Netviewer.com Remote Control Proxy Test (policy.rules)
2009156 - ET TROJAN Koobface Checkin via POST (trojan.rules)
2009375 - ET CHAT General MSN Chat Activity (chat.rules)
[---] Disabled and modified rules: [---]
2010786 - ET CHAT Facebook Chat (settings) (chat.rules)
2014954 - ET INFO Vulnerable iTunes Version 10.6.x (info.rules)
2016136 - ET EXPLOIT Metasploit CVE-2012-4792 EIP in URI IE 8 (exploit.rules)
2016318 - ET MOBILE_MALWARE Android/Ksapp.A Checkin (mobile_malware.rules)
2019538 - ET TROJAN Ransom.Win32.Blocker.fwlm Checkin (trojan.rules)
2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt (exploit.rules)
2805099 - ETPRO WEB_CLIENT Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow (web_client.rules)
2805810 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 1 (mobile_malware.rules)
2805811 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 2 (mobile_malware.rules)
2807753 - ETPRO TROJAN Trojan.Win32.Agentb.aoii Checkin (trojan.rules)
2808007 - ETPRO MOBILE_MALWARE Android/DroidRooter.B Checkin (mobile_malware.rules)
2808089 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin 3 (mobile_malware.rules)
2808187 - ETPRO MALWARE .exe and suspicious User-Agent Win32/FakeVimes (malware.rules)
2808293 - ETPRO MOBILE_MALWARE Android/RedMobile.B Checkin (mobile_malware.rules)
2808566 - ETPRO TROJAN Win32/Rovnix.H Retrieving Fake User-Agent (trojan.rules)
2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)
2808825 - ETPRO MOBILE_MALWARE Android/Agent.CI!tr Checkin (mobile_malware.rules)
2808827 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bz Checkin (mobile_malware.rules)
2808838 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.o Checkin (mobile_malware.rules)
2808847 - ETPRO MALWARE Win32.Chifrax.Wuhc Checkin (malware.rules)
2808894 - ETPRO MOBILE_MALWARE Android.Trojan.Magwei.A Checkin (mobile_malware.rules)
2808920 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.mj Checkin (mobile_malware.rules)
2809357 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.b Checkin 2 (mobile_malware.rules)
2809486 - ETPRO TROJAN Win32.Sysn Variant Checkin (trojan.rules)
2809633 - ETPRO TROJAN Win32/ProxyChanger.EO Receiving Proxy.pac (trojan.rules)
2809883 - ETPRO TROJAN Dridex Post Checkin Activity 4 (trojan.rules)
2810071 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.C Checkin (mobile_malware.rules)
2810415 - ETPRO MALWARE Win32/FlyStudio CnC Beacon (malware.rules)
2810508 - ETPRO TROJAN MSIL/ClickFraud Variant Retrieving URLs (trojan.rules)
2811896 - ETPRO TROJAN Plat1 CnC Beacon GET (trojan.rules)
2811974 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ay Checkin (mobile_malware.rules)
2814816 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BH Checkin (mobile_malware.rules)
2815487 - ETPRO MOBILE_MALWARE Android OIMobi Checkin 5 (mobile_malware.rules)
2820309 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kx Checkin (mobile_malware.rules)
2825472 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.OD CnC Beacon (mobile_malware.rules)
[---] Disabled rules: [---]
2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)
[---] Removed rules: [---]
2838808 - ETPRO TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
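The sections above follow a fixed layout (a bracketed section header, an optional Open:/Pro: tier label, then one "SID - msg (file.rules)" entry per rule, which mailed copies wrap onto a second line). The script below is an added example, not Emerging Threats' or suricata-update's own code: it parses that layout back into structured records, lists the SIDs that should stop firing (disabled, disabled-and-modified, removed), and checks a local rules file for any of them that are still uncommented. The changelog excerpt and the local rules lines it uses are constructed for the example; the rule bodies are placeholders, not ET's signatures. That bare SIDs are accepted one per line in suricata-update's disable.conf is an assumption about your deployment, and the derivation of the tier from the "ET "/"ETPRO " msg prefix is a convention this page's entries follow.

```python
"""Parse an Emerging Threats daily changelog and reconcile it with a local
ruleset.  Added example; all inputs below are constructed excerpts."""
import re
from dataclasses import dataclass

# Constructed excerpt of the changelog format; note the wrapped titles.
SAMPLE_CHANGELOG = """\
[***] Summary: [***]
6 new OPEN, 26 new PRO (6 + 20). Multiple CVE, Mokes, AsyncRAT, Various Phish.
[+++] Added rules: [+++]
Open:
2031217 - ET TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
2031218 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2020-11-19 (current_events.rules)
Pro:
2845570 - ETPRO TROJAN Mokes CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2002080 - ET MALWARE MySearch Products Spyware User-Agent (MySearch)
(malware.rules)
[---] Disabled and modified rules: [---]
2010786 - ET CHAT Facebook Chat (settings) (chat.rules)
[---] Disabled rules: [---]
2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)
[---] Removed rules: [---]
2838808 - ETPRO TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
"""

# Constructed local rules file; bodies are placeholders, not ET signatures.
LOCAL_RULES = """\
# constructed placeholder rules
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2022477; rev:1;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2010786; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder"; sid:2031217; rev:1;)
"""

SECTION_RE = re.compile(r'^\[(?:\*\*\*|\+\+\+|///|---)\]\s*(.+?):\s*\[(?:\*\*\*|\+\+\+|///|---)\]\s*$')
ENTRY_RE = re.compile(r'^(\d{7})\s+-\s+(.*)$')
FILE_RE = re.compile(r'\s*\(([A-Za-z0-9_]+\.rules)\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
DROP_SECTIONS = {"Disabled rules", "Disabled and modified rules", "Removed rules"}


@dataclass
class RuleChange:
    sid: int
    title: str        # rule msg text with any wrapped fragment rejoined
    rules_file: str   # e.g. "trojan.rules"
    tier: str         # "open" for ET, "pro" for ETPRO (from the msg prefix)
    section: str      # changelog section the entry appeared under


def parse_changelog(text):
    """Turn the changelog body into RuleChange records."""
    raw_entries, section, current = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        if section in (None, "Summary") or line in ("Open:", "Pro:"):
            current = None          # prose and tier labels carry no SIDs
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = [int(m.group(1)), m.group(2), section]
            raw_entries.append(current)
        elif current is not None:
            current[1] += " " + line  # wrapped continuation of the title
    out = []
    for sid, title, sec in raw_entries:
        fm = FILE_RE.search(title)
        rules_file = fm.group(1) if fm else ""
        title = (title[:fm.start()] if fm else title).strip()
        tier = "pro" if title.startswith("ETPRO ") else "open"
        out.append(RuleChange(sid, title, rules_file, tier, sec))
    return out


def disable_conf_lines(changes):
    """SIDs that should no longer fire, one per line (assumed disable.conf form)."""
    return [str(c.sid) for c in changes if c.section in DROP_SECTIONS]


def stale_enabled_rules(local_rules_text, changes):
    """SIDs still uncommented locally although upstream disabled or removed them."""
    drop = {int(s) for s in disable_conf_lines(changes)}
    stale = []
    for line in (l.strip() for l in local_rules_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        if m and int(m.group(1)) in drop:
            stale.append(int(m.group(1)))
    return stale


if __name__ == "__main__":
    changes = parse_changelog(SAMPLE_CHANGELOG)
    for c in changes:
        print(f"{c.section:28} {c.tier:4} {c.sid} {c.title} [{c.rules_file}]")
    print("disable.conf:", " ".join(disable_conf_lines(changes)))
    print("stale locally:", stale_enabled_rules(LOCAL_RULES, changes))
```

Run it against a saved copy of the mail or the linked changelog; the stale-rule check is the part worth keeping in a pipeline, since a SID ET disables for false positives keeps firing until the local copy is disabled too.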