Daily Ruleset Update Summary 2022/05/03

[***] Summary: [***]

1 new OPEN, 15 new PRO (1 + 14) Lorenz Ransomware, TeamTNT DNS Sig,
Qbot SNI sigs, and NaxoProjects Game Cheats sigs.

Thanks @TalosSecurity

There were several hundred rules that had minor syntax corrections.
For a complete list of changes please see the follow change log:

https://rules.emergingthreatspro.com/changelogs/suricata-5.0-enhanced.o…

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036455 - ET MALWARE TeamTNT Related Domain in DNS Lookup (chimaera
.cc) (malware.rules)

Pro:

2851563 - ETPRO MALWARE Lorenz Ransomware CnC Activity M1 (malware.rules)
2851564 - ETPRO MALWARE Lorenz Ransomware CnC Activity M2 (malware.rules)
2851565 - ETPRO GAMES Observed NaxoProjects Game Cheat Domain in
TLS SNI (games.rules)
2851566 - ETPRO GAMES NaxoProjects Game Cheat Activity (games.rules)
2851567 - ETPRO ADWARE_PUP Win32/Funshion Adware Install Checkin M3
(adware_pup.rules)
2851572 - ETPRO MALWARE MalDoc Retrieving Qbot Payload 2022-05-03
(malware.rules)
2851573 - ETPRO MALWARE Downloaded .PNG Contains Reversed Executable
(malware.rules)
2851574 - ETPRO MALWARE Observed Qbot Domain (multiconstruction .net
in TLS SNI) (malware.rules)
2851575 - ETPRO MALWARE Observed Qbot Domain (psmyanmar .com in TLS
SNI) (malware.rules)
2851576 - ETPRO MALWARE Observed Qbot Domain (fastesol .com in TLS
SNI) (malware.rules)

[///] Modified active rules: [///]

2035611 - ET MALWARE Kimsuky APT Related Host Data Exfil M5 (malware.rules)

Date:

Tuesday, May 3, 2022

Summary title:

1 new OPEN, 15 new PRO (1 + 14) Lorenz Ransomware, TeamTNT DNS Sig, Qbot SNI sigs, and NaxoProjects Game Cheats sigs.