[***]            Summary:            [***]

2 new Open, 26 new Pro (2 + 24).  ZxShell, Android/Geost, DonotGroup, Various Certs, Various Phish.

Many signatures in the Suricata 4 and Suricata 5 rulesets were modified to remove the use of fast_pattern:only;
This modification does not change or impact the detection logic.
Each reference to fast_pattern:only; was replaced with fast_pattern;

See https://suricata.readthedocs.io/en/suricata-4.1.0/rules/prefilter-keywords.html#fast-pattern-only for more details.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2028660 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (trojan.rules)
2028661 - ET MOBILE_MALWARE Android/Geost CnC Checkin (mobile_malware.rules)

Pro:

2838808 - ETPRO TROJAN Win32/SDBbot CnC Checkin (trojan.rules)
2838809 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838810 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2838811 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2019-10-08) (trojan.rules)
2838812 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-08 (current_events.rules)
2838813 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-08 (current_events.rules)
2838814 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-10-08 (current_events.rules)
2838815 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-10-08 (current_events.rules)
2838816 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-10-08 (current_events.rules)
2838817 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2019-10-08 (current_events.rules)
2838818 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-10-08 (current_events.rules)
2838819 - ETPRO CURRENT_EVENTS Successful Manulife Bank Phish 2019-10-08 (current_events.rules)
2838820 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
2838821 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
2838822 - ETPRO CURRENT_EVENTS Successful Citi Phish 2019-10-08 (current_events.rules)
2838823 - ETPRO CURRENT_EVENTS Successful Microsoft Teams Phish 2019-10-08 (current_events.rules)
2838824 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-10-08 (current_events.rules)
2838825 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-08 (current_events.rules)
2838826 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit Union Phish 2019-10-08 (current_events.rules)
2838827 - ETPRO CURRENT_EVENTS Successful Banco Safra Phish 2019-10-08 (current_events.rules)
2838828 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2838829 - ETPRO TROJAN Observed Malicious SSL Cert (TickGroup CnC) (trojan.rules)
2838830 - ETPRO TROJAN Possible ZxShell CnC Checkin (trojan.rules)
2838831 - ETPRO TROJAN Win32/Remcos RAT Checkin 198 (trojan.rules)

Date: Monday, October 7, 2019 - 22:00