[***] Summary: [***]
12 new OPEN, 21 new PRO (12 + 9). CNRarypt Ransomware, Laravel Remote
Code Execution (CVE-2021-3129), ZiggyStealer, and SharpPanda APT.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033075 - ET TROJAN CNRarypt Ransomware CnC Activity (trojan.rules)
2033076 - ET POLICY Observed File Transfer Service SSL/TLS
Certificate (transfer .sh) (policy.rules)
2033077 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request On Non-Standard Low Port) (info.rules)
2033078 - ET INFO Session Traversal Utilities for NAT (STUN Binding
Request On Non-Standard High Port) (info.rules)
2033079 - ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129)
Inbound - Attempt to clear logs (exploit.rules)
2033080 - ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129)
Inbound - Payload Execution Attempt (exploit.rules)
2033081 - ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129)
Outbound - Attempt to clear logs (exploit.rules)
2033082 - ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129)
Outbound - Payload Execution Attempt (exploit.rules)
2033083 - ET TROJAN Unknown Middle East Threat Group Activity (GET)
(trojan.rules)
2033084 - ET TROJAN Unknown Middle East Threat Group Activity (DNS)
(trojan.rules)
2033085 - ET TROJAN Unknown Middle East Threat Group Activity (DNS)
(trojan.rules)
2033086 - ET TROJAN SharpPanda APT Maldoc Activity (trojan.rules)
Pro:
2848807 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848808 - ETPRO TROJAN ZiggyStealer CnC Activity (trojan.rules)
2848809 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 1) (trojan.rules)
2848810 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 2) (trojan.rules)
2848811 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 3) (trojan.rules)
2848812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 4) (trojan.rules)
2848813 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-02 5) (trojan.rules)
2848814 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2021-06-03 (current_events.rules)
2848815 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-06-03 (current_events.rules)
[///] Modified active rules: [///]
2017871 - ET POLICY W32/BitCoinMiner.MultiThreat Subscribe/Authorize
Stratum Protocol Message (policy.rules)
2017872 - ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol
Mining.Notify Initial Connection Server Response (policy.rules)
2017873 - ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol
Mining.Notify Work Server Response (policy.rules)
2033054 - ET TROJAN SharpPanda APT Downloader Activity (GET) (trojan.rules)
2824801 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in
Possible Paypal Phishing (trojan.rules)
[///] Modified inactive rules: [///]
2815626 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-06 1) (trojan.rules)
2815627 - ETPRO TROJAN CoinMiner Known malicious stratum authline
(2016-01-06 2) (trojan.rules)