[***] Summary: [***]
2 new Open, 21 new Pro (2 + 19). WhiteShadow, Various Android, Various SSL/TLS.
Slides from the ETPRO Suricata 5.0 webinar are now available here:
https://www.slideshare.net/JasonWilliams288/proofpoint-emerging-threats-suricata-50-webinar
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2028633 - ET MALWARE Win32/Adware.iBryte.BO CnC Activity (malware.rules)
2028632 - ET TROJAN Win32/Flooder.Agent.NAS CnC Domain in DNS Lookup (trojan.rules)
Pro:
2838584 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.cy Reporting Infection via SMTP (mobile_malware.rules)
2838585 - ETPRO MOBILE_MALWARE Android/Spy.Banker.DB Reporting Infection via SMTP (mobile_malware.rules)
2838586 - ETPRO MOBILE_MALWARE Android/Spy.Banker.DB Reporting Infection via SMTP 2 (mobile_malware.rules)
2838587 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Gidix.a Reporting Infection via SMTP (mobile_malware.rules)
2838588 - ETPRO MOBILE_MALWARE Android/Lendia Reporting Infection via SMTP (mobile_malware.rules)
2838589 - ETPRO MOBILE_MALWARE Android.SmsThief.GEN28135 Reporting Infection via SMTP (mobile_malware.rules)
2838598 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838599 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838600 - ETPRO TROJAN Win32/Remcos RAT Checkin 181 (trojan.rules)
2838601 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838590 - ETPRO TROJAN Observed Malicious SSL Cert (HerpesNet Variant CnC) (trojan.rules)
2838591 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-26) (current_events.rules)
2838592 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-09-26 2) (current_events.rules)
2838602 - ETPRO TROJAN Upatre CnC Domain in DNS Lookup (trojan.rules)
2838593 - ETPRO TROJAN Observed Malicious SSL Cert (GRIFFON CnC) (trojan.rules)
2838594 - ETPRO TROJAN Observed DNS Query to GRIFFON CnC Domain (trojan.rules)
2838595 - ETPRO TROJAN Possible WhiteShadow MySQL Activity Observed Outbound (trojan.rules)
2838596 - ETPRO TROJAN Possible WhiteShadow MySQL Activity Observed Inbound M1 (trojan.rules)
2838597 - ETPRO TROJAN Possible WhiteShadow MySQL Activity Observed Inbound M2 (trojan.rules)