Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/11/19

[***]            Summary:            [***]

6 new OPEN, 26 new PRO (6 + 20). Multiple CVE, Mokes, AsyncRAT, Various Phish.

Thanks Kevin!

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-11-19T23:14:06.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031217 - ET TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
  2031218 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2020-11-19 (current_events.rules)
  2031219 - ET WEB_SPECIFIC_APPS Possible Apache Unomi MVEL Eval RCE
Inbound M1 (CVE-2020-13942) (web_specific_apps.rules)
  2031220 - ET WEB_SPECIFIC_APPS Possible Apache Unomi OGNL Eval RCE
Inbound M2 (CVE-2020-13942) (web_specific_apps.rules)
  2031221 - ET WEB_SPECIFIC_APPS Citrix XenMobile Server Directory
Traversal Attempt Inbound (CVE-2020-8209) (web_specific_apps.rules)
  2031222 - ET WEB_SPECIFIC_APPS Nette Command Injection Attempt
Inbound (CVE-2020-15227) (web_specific_apps.rules)

Pro:

  2845570 - ETPRO TROJAN Mokes CnC Activity (trojan.rules)
  2845571 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845572 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2845573 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-19 1) (trojan.rules)
  2845574 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-19 2) (trojan.rules)
  2845575 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-19 3) (trojan.rules)
  2845576 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-11-19 4) (trojan.rules)
  2845577 - ETPRO CURRENT_EVENTS Successful SMBC JP Phish 2020-11-19
(current_events.rules)
  2845578 - ETPRO CURRENT_EVENTS Successful Etisalat Phish 2020-11-19
(current_events.rules)
  2845579 - ETPRO CURRENT_EVENTS Successful GTBank Phish 2020-11-19
(current_events.rules)
  2845580 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19
(current_events.rules)
  2845581 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19
(current_events.rules)
  2845582 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-11-19
(current_events.rules)
  2845583 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-11-19 (current_events.rules)
  2845584 - ETPRO WEB_SPECIFIC_APPS Possible Apache Solr ConfigSet RCE
Inbound (CVE-2020-13957) (web_specific_apps.rules)
  2845586 - ETPRO TROJAN Win32/Remcos RAT Checkin 614 (trojan.rules)
  2845587 - ETPRO CURRENT_EVENTS Successful Facebook Credential Phish
2020-11-19 (current_events.rules)
  2845588 - ETPRO CURRENT_EVENTS Successful Mechanics Bank Credential
Phish 2020-11-19 (current_events.rules)
  2845589 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Credential
Phish 2020-11-19 (current_events.rules)

[///]     Modified active rules:     [///]

  2002080 - ET MALWARE MySearch Products Spyware User-Agent (MySearch)
(malware.rules)
  2004168 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt --
forum.php c ASCII (web_specific_apps.rules)
  2006353 - ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt --
lire-avis.php aa INSERT (web_specific_apps.rules)
  2007885 - ET MALWARE Suspicious User-Agent (downloader) (malware.rules)
  2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config
Download (trojan.rules)
  2008472 - ET POLICY Netviewer.com Remote Control Proxy Test (policy.rules)
  2009156 - ET TROJAN Koobface Checkin via POST (trojan.rules)
  2009375 - ET CHAT General MSN Chat Activity (chat.rules)

[---]  Disabled and modified rules:  [---]

  2010786 - ET CHAT Facebook Chat (settings) (chat.rules)
  2014954 - ET INFO Vulnerable iTunes Version 10.6.x (info.rules)
  2016136 - ET EXPLOIT Metasploit CVE-2012-4792 EIP in URI IE 8 (exploit.rules)
  2016318 - ET MOBILE_MALWARE Android/Ksapp.A Checkin (mobile_malware.rules)
  2019538 - ET TROJAN Ransom.Win32.Blocker.fwlm Checkin (trojan.rules)
  2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt (exploit.rules)
  2805099 - ETPRO WEB_CLIENT Apple iTunes 10.6.1.7 M3U Playlist File
Walking Heap Buffer Overflow (web_client.rules)
  2805810 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a
Checkin 1 (mobile_malware.rules)
  2805811 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a
Checkin 2 (mobile_malware.rules)
  2807753 - ETPRO TROJAN Trojan.Win32.Agentb.aoii Checkin (trojan.rules)
  2808007 - ETPRO MOBILE_MALWARE Android/DroidRooter.B Checkin
(mobile_malware.rules)
  2808089 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin 3
(mobile_malware.rules)
  2808187 - ETPRO MALWARE .exe and suspicious User-Agent
Win32/FakeVimes (malware.rules)
  2808293 - ETPRO MOBILE_MALWARE Android/RedMobile.B Checkin
(mobile_malware.rules)
  2808566 - ETPRO TROJAN Win32/Rovnix.H Retrieving Fake User-Agent
(trojan.rules)
  2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)
  2808825 - ETPRO MOBILE_MALWARE Android/Agent.CI!tr Checkin
(mobile_malware.rules)
  2808827 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bz Checkin
(mobile_malware.rules)
  2808838 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.o
Checkin (mobile_malware.rules)
  2808847 - ETPRO MALWARE Win32.Chifrax.Wuhc Checkin (malware.rules)
  2808894 - ETPRO MOBILE_MALWARE Android.Trojan.Magwei.A Checkin
(mobile_malware.rules)
  2808920 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.mj Checkin
(mobile_malware.rules)
  2809357 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.b
Checkin 2 (mobile_malware.rules)
  2809486 - ETPRO TROJAN Win32.Sysn Variant Checkin (trojan.rules)
  2809633 - ETPRO TROJAN Win32/ProxyChanger.EO Receiving Proxy.pac
(trojan.rules)
  2809883 - ETPRO TROJAN Dridex Post Checkin Activity 4 (trojan.rules)
  2810071 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.C Checkin
(mobile_malware.rules)
  2810415 - ETPRO MALWARE Win32/FlyStudio CnC Beacon (malware.rules)
  2810508 - ETPRO TROJAN MSIL/ClickFraud Variant Retrieving URLs (trojan.rules)
  2811896 - ETPRO TROJAN Plat1 CnC Beacon GET (trojan.rules)
  2811974 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ay
Checkin (mobile_malware.rules)
  2814816 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BH Checkin
(mobile_malware.rules)
  2815487 - ETPRO MOBILE_MALWARE Android OIMobi Checkin 5 (mobile_malware.rules)
  2820309 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kx
Checkin (mobile_malware.rules)
  2825472 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.OD CnC Beacon
(mobile_malware.rules)

[---]         Disabled rules:        [---]

  2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)

[---]         Removed rules:         [---]

  2838808 - ETPRO TROJAN Win32/SDBbot CnC Checkin (trojan.rules)

Date:
Summary title:
6 new OPEN, 26 new PRO (6 + 20). Multiple CVE, Mokes, AsyncRAT, Various Phish.