[***] Summary: [***]
11 new OPEN, 46 new PRO (11 + 35). FIN8, Multiple Exploit/CVE, AsyncRAT.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033621 - ET POLICY Observed SSL Cert (DNS Service) (policy.rules)
2033622 - ET TROJAN Observed Malicious SSL Cert (FIN8 Staging CnC)
(trojan.rules)
2033623 - ET TROJAN Observed Malicious SSL Cert (FIN8 CnC) (trojan.rules)
2033624 - ET TROJAN Observed Malicious SSL Cert (FIN8 CnC) (trojan.rules)
2033625 - ET TROJAN Observed Malicious SSL Cert (FIN8 CnC) (trojan.rules)
2033626 - ET TROJAN Observed Malicious SSL Cert (Meterpreter
Paranoid Mode CnC) (trojan.rules)
2033627 - ET TROJAN Gamaredon Maldoc Activity (GET) (trojan.rules)
2033628 - ET TROJAN Observed Win32.Raccoon Stealer Domain
(hellowoodie .top in TLS SNI) (trojan.rules)
2033629 - ET TROJAN Win32/CandyOpen/UniClient Activity (POST) (trojan.rules)
2033630 - ET POLICY External IP Lookup via 3322 .org (policy.rules)
2033631 - ET TROJAN Win32/CandyOpen/UniClient Activity (GET) (trojan.rules)
Pro:
2849488 - ETPRO TROJAN Bandook v0.5FM TCP CnC Beacon M2 (trojan.rules)
2849489 - ETPRO CURRENT_EVENTS Magnitude EK Obfuscated Landing Page
Inbound (current_events.rules)
2849490 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849491 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849492 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849493 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 1) (trojan.rules)
2849494 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 2) (trojan.rules)
2849495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 3) (trojan.rules)
2849496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 4) (trojan.rules)
2849497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 5) (trojan.rules)
2849498 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 6) (trojan.rules)
2849499 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 7) (trojan.rules)
2849500 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 8) (trojan.rules)
2849501 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 10) (trojan.rules)
2849502 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 9) (trojan.rules)
2849503 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 11) (trojan.rules)
2849504 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-29 12) (trojan.rules)
2849505 - ETPRO EXPLOIT Zoho ManageEngine DataSecurity Plus
Directory Traversal Inbound (CVE-2020-11531) (exploit.rules)
2849506 - ETPRO EXPLOIT Zoho ManageEngine DataSecurity Plus
Authentication Bypass Inbound (CVE-2020-11532) (exploit.rules)
2849507 - ETPRO EXPLOIT Possible dotCMS CMSFilter assets Access
Control Weakness Exploitation Inbound (CVE-2020-6754) (exploit.rules)
2849508 - ETPRO EXPLOIT Possible Java Deserialization Attempt
Inbound (exploit.rules)
2849510 - ETPRO EXPLOIT Possible Cisco Webex Teams URI Handler
Remote Code Execution (CVE-2019-1636) (exploit.rules)
2849511 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849512 - ETPRO DOS HPE Intelligent Management Center dbman Opcode
10003 Filename Denial of Service (CVE-2019-5355) (dos.rules)
2849513 - ETPRO EXPLOIT Lighttpd url-path-2f-decode Denial of
Service Inbound (CVE-2019-11072) (exploit.rules)
2849514 - ETPRO TROJAN Observed Decimal Encoded EXE Content Inbound
(trojan.rules)
2849515 - ETPRO EXPLOIT Possible SolarWinds Orion NPM
OrionModuleEngine Remote Code Execution (CVE-2019-8917)
(exploit.rules)
2849516 - ETPRO TROJAN Win32/ZXRMCTROL CnC Activity (trojan.rules)
2849517 - ETPRO INFO Observed Suspicious SSL Cert (Some-Default
Cert) (info.rules)
2849518 - ETPRO TROJAN Observed Meterpreter Powershell Shellcode
Stager Inbound (trojan.rules)
2849519 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 173
(mobile_malware.rules)
2849520 - ETPRO TROJAN Win32/Remcos RAT Checkin 737 (trojan.rules)
2849521 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 174
(mobile_malware.rules)
2849522 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 175
(mobile_malware.rules)
[///] Modified active rules: [///]
2845893 - ETPRO TROJAN MSIL/Apocalypse Stealer CnC Exfil (trojan.rules)
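The counts on the summary line can be checked mechanically against the SID list, and the same parse gives you the SIDs to look for in a deployed ruleset after a suricata-update run. The following is an added example, not Emerging Threats' own tooling: it parses this announcement format (summary line, "[+++] Added" and "[///] Modified" sections, the "Open:" / "Pro:" headers, and entries wrapped onto a second line), infers the tier from the ET / ETPRO prefix, extracts the rule file and any CVE identifiers from each msg, and verifies that "N new OPEN, M new PRO (a + b)" is consistent with the entries, reading M as the open rules plus the pro-only rules, which is what 46 = 11 + 35 above implies. The embedded sample is a constructed subset of the entries on this page with a summary line adjusted to that subset's own counts.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: a subset of the entries from the announcement above,
# with the summary line rewritten to match the subset (5 new PRO = 3 open + 2 pro-only).
SAMPLE = """\
[***] Summary: [***]
3 new OPEN, 5 new PRO (3 + 2). FIN8, Multiple Exploit/CVE, AsyncRAT.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033621 - ET POLICY Observed SSL Cert (DNS Service) (policy.rules)
2033622 - ET TROJAN Observed Malicious SSL Cert (FIN8 Staging CnC)
(trojan.rules)
2033626 - ET TROJAN Observed Malicious SSL Cert (Meterpreter
Paranoid Mode CnC) (trojan.rules)
Pro:
2849488 - ETPRO TROJAN Bandook v0.5FM TCP CnC Beacon M2 (trojan.rules)
2849505 - ETPRO EXPLOIT Zoho ManageEngine DataSecurity Plus
Directory Traversal Inbound (CVE-2020-11531) (exploit.rules)
[///] Modified active rules: [///]
2845893 - ETPRO TROJAN MSIL/Apocalypse Stealer CnC Exfil (trojan.rules)
"""

SUMMARY_RE = re.compile(r"^(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
ENTRY_RE = re.compile(r"^(\d{7}) - (.+)$")        # ET SIDs are seven digits
FILE_RE = re.compile(r"\s*\(([\w-]+\.rules)\)$")  # trailing "(category.rules)"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_announcement(text):
    """Parse an ET update notice into (summary, entries).

    summary: {"open": n, "pro_total": n, "parts": (open, pro_only)} or None.
    entries: dicts with sid, section ("added"/"modified"), tier ("open"/"pro",
             from the ET / ETPRO msg prefix), msg, file, cves.
    Continuation lines (no leading SID) are re-joined to the previous entry.
    """
    summary, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            o, p, a, b = (int(g) for g in m.groups())
            summary = {"open": o, "pro_total": p, "parts": (a, b)}
            continue
        if line.startswith("[+++]"):
            section = "added"
            continue
        if line.startswith("[///]"):
            section = "modified"
            continue
        if section is None or line in ("Open:", "Pro:"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"sid": int(m.group(1)), "section": section, "text": m.group(2)})
        elif entries:
            entries[-1]["text"] += " " + line  # wrapped entry, second line
    for e in entries:
        text = e.pop("text")
        fm = FILE_RE.search(text)
        e["file"] = fm.group(1) if fm else None
        e["msg"] = text[: fm.start()] if fm else text
        e["tier"] = "pro" if e["msg"].startswith("ETPRO ") else "open"
        e["cves"] = CVE_RE.findall(e["msg"])
    return summary, entries


def check_summary(summary, entries):
    """Verify the summary line against the Added section; returns (ok, counts)."""
    c = Counter(e["tier"] for e in entries if e["section"] == "added")
    counts = {"open": c["open"], "pro": c["pro"]}
    ok = (
        summary is not None
        and counts["open"] == summary["open"]
        and counts["pro"] == summary["parts"][1]
        and summary["parts"][0] == summary["open"]
        and summary["pro_total"] == summary["open"] + counts["pro"]
    )
    return ok, counts


def sids_by_file(entries, section="added"):
    """Group SIDs by the .rules file they land in (insertion order preserved)."""
    out = defaultdict(list)
    for e in entries:
        if e["section"] == section:
            out[e["file"]].append(e["sid"])
    return dict(out)


def cve_index(entries):
    """Map each CVE named in a rule msg to the SIDs that reference it."""
    idx = defaultdict(list)
    for e in entries:
        for cve in e["cves"]:
            idx[cve].append(e["sid"])
    return dict(idx)


def missing_sids(entries, installed_sids):
    """SIDs from the notice (added or modified) absent from a deployed ruleset."""
    installed = set(installed_sids)
    return sorted(e["sid"] for e in entries if e["sid"] not in installed)


if __name__ == "__main__":
    summary, entries = parse_announcement(SAMPLE)
    ok, counts = check_summary(summary, entries)
    print("summary consistent:", ok, counts)
    for fname, sids in sids_by_file(entries).items():
        print(fname, sids)
    print("CVE coverage:", cve_index(entries))
```

Feed it the full announcement and `check_summary` should report open=11 and pro=35 for the list above; pass `missing_sids` the set of SIDs from your installed rules files (for example from `suricata-update`'s output or a `sid:` grep over the .rules files) to see which of the day's rules did not land.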