[Emerging-updates] Daily Ruleset Update Summary 2020/04/22

Brandon Murphy bmurphy at emergingthreats.net
Wed Apr 22 14:11:09 HDT 2020


[***]            Summary:            [***]

 3 new Open, 19 new Pro (3 + 16). PROJECTSPY, Win32/Kryptik.GGXP.UNKRAT,
Remcos, Various Phishing.

 Many rules in the Suricata 5 ruleset have been updated with Suricata 5
rule syntax/keywords. A complete list of rules that were changed can be
found via the changelog here:

https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.etpro.2020-04-22T22:54:35.txt

 Please be aware that after the deprecation of our Suricata 2/3 support
(April 15th 2020), the path for downloading the last pushed production
Suricata 2/3 rulesets has changed.  Deprecated rulesets are available at
https://rules.emergingthreatspro.com/OINK/old for ETPro and
https://rules.emergingthreatspro.com/open/old/ for ETOpen.  All requests
for the Suricata 2/3 at their previous locations will now lead to the
Suricata 4.0 production rules for ETPro and the rule download instructions
for ETOpen.

 Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback


[+++]          Added rules:          [+++]

Open:

  2029993 - ET MOBILE_MALWARE Suspected PROJECTSPY Cookie (mobile_malware.rules)
  2029994 - ET INFO Suspicious NULL DNS Request (info.rules)
  2029995 - ET TROJAN Suspicious Long NULL DNS Request - Possible DNS Tunneling (trojan.rules)

Pro:

  2842132 - ETPRO TROJAN Win32/Kryptik.GGXP.UNKRAT CnC Keep-Alive (Inbound) (trojan.rules)
  2842133 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-04-22 1) (trojan.rules)
  2842134 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-04-22 2) (trojan.rules)
  2842135 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish 2020-04-22 (current_events.rules)
  2842136 - ETPRO CURRENT_EVENTS Successful Adobe Connect Phish 2020-04-22 (current_events.rules)
  2842137 - ETPRO CURRENT_EVENTS Successful AU ID Phish 2020-04-22 (current_events.rules)
  2842138 - ETPRO CURRENT_EVENTS Successful Skandia Sparbanken Phish 2020-04-22 (current_events.rules)
  2842139 - ETPRO CURRENT_EVENTS Successful GOV UK Universal Credit Phish 2020-04-22 (current_events.rules)
  2842140 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-04-22 (current_events.rules)
  2842141 - ETPRO CURRENT_EVENTS Successful Microsoft Voicemail Phish 2020-04-22 (current_events.rules)
  2842142 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-04-22 (current_events.rules)
  2842143 - ETPRO TROJAN Win32/Remcos RAT Checkin 404 (trojan.rules)
  2842144 - ETPRO TROJAN Win32/Remcos RAT Checkin 405 (trojan.rules)
  2842145 - ETPRO TROJAN Win32/Remcos RAT Checkin 406 (trojan.rules)
  2842146 - ETPRO TROJAN PowerShell Backdoor Checkin M1 (trojan.rules)
  2842147 - ETPRO TROJAN PowerShell Backdoor Checkin M2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2029576 - ET TROJAN Kimsuky Related Host Data Exfil (trojan.rules)