[***] Summary: [***]
1 new OPEN, 15 new PRO (1 + 14). Lorenz Ransomware, TeamTNT DNS Sig,
Qbot SNI sigs, and NaxoProjects Game Cheats sigs.
Thanks @TalosSecurity
There were several hundred rules that had minor syntax corrections.
For a complete list of changes please see the following change log:
https://rules.emergingthreatspro.com/changelogs/suricata-5.0-enhanced.o…
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036455 - ET MALWARE TeamTNT Related Domain in DNS Lookup (chimaera .cc) (malware.rules)
Pro:
2851563 - ETPRO MALWARE Lorenz Ransomware CnC Activity M1 (malware.rules)
2851564 - ETPRO MALWARE Lorenz Ransomware CnC Activity M2 (malware.rules)
2851565 - ETPRO GAMES Observed NaxoProjects Game Cheat Domain in TLS SNI (games.rules)
2851566 - ETPRO GAMES NaxoProjects Game Cheat Activity (games.rules)
2851567 - ETPRO ADWARE_PUP Win32/Funshion Adware Install Checkin M3 (adware_pup.rules)
2851572 - ETPRO MALWARE MalDoc Retrieving Qbot Payload 2022-05-03 (malware.rules)
2851573 - ETPRO MALWARE Downloaded .PNG Contains Reversed Executable (malware.rules)
2851574 - ETPRO MALWARE Observed Qbot Domain (multiconstruction .net in TLS SNI) (malware.rules)
2851575 - ETPRO MALWARE Observed Qbot Domain (psmyanmar .com in TLS SNI) (malware.rules)
2851576 - ETPRO MALWARE Observed Qbot Domain (fastesol .com in TLS SNI) (malware.rules)
[///] Modified active rules: [///]
2035611 - ET MALWARE Kimsuky APT Related Host Data Exfil M5 (malware.rules)