[***]            Summary:            [***]

4 new Open, 11 new Pro (4 + 7).  TortoiseShell, OSX/GMERA.B, Remcos, Various SSL/TLS.

The Proofpoint Emerging Threats Detection team is proud to announce ETPro support for Suricata 5.0, along with additional new features. Please join us at 11am EDT on Wednesday, September 25th, for a webinar to discuss where we've been, where we're going, and where we are.

Link: https://proofpoint.zoom.us/j/347998498  Phone: +1 646 558 8656 or +1 669 900 6833 (US Toll) Meeting ID: 347 998 498
International numbers available: https://zoom.us/u/acddrvsUVN
Or Mobile Phone one-tap:  +16465588656,347998498# or +16699006833,347998498#

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028617 - ET TROJAN Tortoiseshell/HMH Download Request (trojan.rules)
2028618 - ET TROJAN Tortoiseshell/HMH CnC Activity (trojan.rules)
2028619 - ET TROJAN Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI) (trojan.rules)
2028620 - ET TROJAN OSX/GMERA.B CnC Checkin (trojan.rules)

Pro:

2838549 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-24) (malware.rules)
2838550 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-24 2) (current_events.rules)
2838551 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-24 3) (current_events.rules)
2838552 - ETPRO TROJAN SSL/TLS Certificate Observed (Unknown CnC) (trojan.rules)
2838553 - ETPRO TROJAN Gh0stCringe CnC Activity M5 (trojan.rules)
2838554 - ETPRO TROJAN Win32/Remcos RAT Checkin 176 (trojan.rules)
2838555 - ETPRO TROJAN Win32/Remcos RAT Checkin 177 (trojan.rules)

[///]     Modified active rules:     [///]

2838106 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 16 (trojan.rules)
2838387 - ETPRO TROJAN Win32/Zegost Variant CnC Checkin (trojan.rules)
2838492 - ETPRO TROJAN MSIL/SpyGate CnC Activity (trojan.rules)

Date: Monday, September 23, 2019 - 22:00