[***]            Summary:            [***]

8 new OPEN, 16 new PRO (8 + 8). Zyklon, Xetapp, Lemon Duck, Turla, Magecart.

Tks @500mk500 and @SeraphimDomain

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open.2020-09-02T21:45:05.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030822 - ET MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f (DNS Lookup)
(mobile_malware.rules)
  2030823 - ET TROJAN Zyklon CnC Activity (trojan.rules)
  2030824 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2030825 - ET MALWARE Win32/Xetapp Installer Checkin (malware.rules)
  2030826 - ET TROJAN Lemon_Duck Linux Shell Script CnC Activity
(trojan.rules)
  2030827 - ET TROJAN Lemon_Duck CnC Activity (trojan.rules)
  2030828 - ET TROJAN Observed MageCart CnC Domain in TLS SNI (trojan.rules)
  2030829 - ET TROJAN TURLA APT CnC Activity (trojan.rules)

Pro:

  2844252 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f Checkin
(mobile_malware.rules)
  2844253 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-02 1) (trojan.rules)
  2844254 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-02 2) (trojan.rules)
  2844255 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-02 3) (trojan.rules)
  2844256 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-02 (current_events.rules)
  2844257 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-02 (current_events.rules)
  2844258 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-09-02 (current_events.rules)
  2844259 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-09-02 (current_events.rules)