[***]            Summary:            [***]

3 new OPEN, 12 new PRO (3 + 9). Reimageplus Ransomware, Win32/Valak, Cobalt Strike, IcedID

Thanks: @malwrhunterteam.

Many rules in the Suricata 5 ruleset have been updated with Suricata 5 rule syntax/keywords. A complete list of rules that were  changed can be found via the changelog here:
https://rules.emergingthreats.net/changelogs/suricata-5.0-enhanced.open-nogpl.2020-09-11T22:35:57.txt

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030851 - ET TROJAN Observed Reimageplus Ransomware Domain in TLS
SNI (trojan.rules)
  2030852 - ET TROJAN Reimageplus Ransomware Checkin (trojan.rules)
  2030853 - ET TROJAN Win32/Valak Variant CnC (trojan.rules)

Pro:

  2844365 - ETPRO MOBILE_MALWARE Android/KCPro Spyware CnC Activity
(mobile_malware.rules)
  2844366 - ETPRO TROJAN APT/TontoTeam Dropper Activity (trojan.rules)
  2844367 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2844368 - ETPRO TROJAN Cobalt Strike Malleable C2 (QiHoo Profile)
(trojan.rules)
  2844369 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-11 1) (trojan.rules)
  2844370 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844371 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844372 - ETPRO TROJAN Observed Win64/Kryptik.BTT Domain in TLS SNI
(trojan.rules)
  2844373 - ETPRO MALWARE Win32/Agent.xxcydg CnC (malware.rules)

[///]     Modified active rules:     [///]

  2004000 - ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection
Attempt -- down_indir.asp id UNION SELECT (web_specific_apps.rules)
  2004001 - ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection
Attempt -- down_indir.asp id INSERT (web_specific_apps.rules)
  2004002 - ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection
Attempt -- down_indir.asp id DELETE (web_specific_apps.rules)