[***] Summary: [***]
15 new OPEN, 34 new PRO (15 + 19) TA421/YTTRIUM/APT29 TLS Certs, BlackMatter Ransomware, Cobalt Strike, AsyncRAT, Jupyter Stealer, Magix, and Various Exploits
Thanks @mojoesec
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033632 - ET TROJAN TA421/YTTRIUM/APT29 TLS Certificate M1 (trojan.rules)
2033633 - ET TROJAN TA421/YTTRIUM/APT29 TLS Certificate M2 (trojan.rules)
2033634 - ET TROJAN TA421/YTTRIUM/APT29 TLS Certificate M3 (trojan.rules)
2033635 - ET TROJAN BlackMatter CnC Domain in DNS Lookup (paymenthacks .com) (trojan.rules)
2033636 - ET TROJAN BlackMatter CnC Domain in DNS Lookup (mojobiden .com) (trojan.rules)
2033637 - ET EXPLOIT Smart Google Code Inserter < 3.5 Auth Bypass (CVE-2018-3810) (exploit.rules)
2033638 - ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811) (exploit.rules)
2033639 - ET EXPLOIT rConfig < 3.9.7 SQLi (CVE-2020-10546) (exploit.rules)
2033640 - ET EXPLOIT phpMyAdmin setup.php Local File Include (exploit.rules)
2033641 - ET EXPLOIT Apache Cocoon <= 2.1.x LFI (CVE-2020-11991) (exploit.rules)
2033642 - ET EXPLOIT Paypal Pro < 1.1.65 SQLi (CVE-2020-14092) (exploit.rules)
2033643 - ET TROJAN BlackMatter CnC Activity (trojan.rules)
2033644 - ET TROJAN Observed Cobalt Strike CnC Domain (www .msfthelpdesk .com in TLS SNI) (trojan.rules)
2033645 - ET TROJAN Suspected Jupyter Stealer Related Activity (GET) (trojan.rules)
2033646 - ET TROJAN Jupyter Stealer Reporting System Information M2 (trojan.rules)
Pro:
2849523 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-31 1) (trojan.rules)
2849524 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-31 2) (trojan.rules)
2849525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-31 3) (trojan.rules)
2849526 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-31 4) (trojan.rules)
2849527 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 1) (trojan.rules)
2849528 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 2) (trojan.rules)
2849529 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 3) (trojan.rules)
2849530 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 4) (trojan.rules)
2849531 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 5) (trojan.rules)
2849532 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 6) (trojan.rules)
2849533 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-01 7) (trojan.rules)
2849534 - ETPRO POLICY Magix Installer Activity (POST) (policy.rules)
2849535 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849536 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849537 - ETPRO TROJAN Maldoc Activity (GET) (trojan.rules)
2849538 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849539 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849540 - ETPRO TROJAN Win32/Unk.PALLAS.H CnC Activity (trojan.rules)
2849541 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC Activity (POST) (trojan.rules)
[///] Modified active rules: [///]
2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
2021992 - ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858) (web_specific_apps.rules)
2811568 - ETPRO TROJAN Possible Win32/Heloag.AM CnC Beacon 1 (trojan.rules)
2826562 - ETPRO TROJAN Hidden-Tear Ransomware Variant CnC Checkin (trojan.rules)
2842536 - ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check (trojan.rules)
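The summary above follows a fixed layout: bracketed section headers ([***], [+++], [///]), Open:/Pro: sub-headers, and one entry per rule of the form "<sid> - <ET|ETPRO> <CATEGORY> <msg> (<file>.rules)", which mail extraction often wraps across two lines. The parser below is an added example, not Emerging Threats' code: it re-joins wrapped entries, pulls out SID, tier, category, rules file and any CVE ids, cross-checks the "N new OPEN, M new PRO (N + K)" summary line (ET PRO ships the open rules too, so M should equal N + K), and lists newly added SIDs that a local ruleset has not yet picked up. The SAMPLE text is a constructed excerpt of this page; the local-SID list in the usage is hypothetical.

```python
"""Parse an Emerging Threats daily ruleset summary into structured entries.

Added example, not Emerging Threats' own tooling. Assumes only the layout the
summary itself shows; SAMPLE is a constructed excerpt of the page above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Constructed excerpt of the summary above, deliberately keeping entries that
# were wrapped across two lines so the re-joining logic is exercised.
SAMPLE = """\
[+++] Added rules: [+++]
Open:
2033632 - ET TROJAN TA421/YTTRIUM/APT29 TLS Certificate M1 (trojan.rules)
2033635 - ET TROJAN BlackMatter CnC Domain in DNS Lookup (paymenthacks
.com) (trojan.rules)
2033637 - ET EXPLOIT Smart Google Code Inserter < 3.5 Auth Bypass
(CVE-2018-3810) (exploit.rules)
Pro:
2849523 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-31 1) (trojan.rules)
2849534 - ETPRO POLICY Magix Installer Activity (POST) (policy.rules)
[///] Modified active rules: [///]
2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND)
(trojan.rules)
2021992 - ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt
(CVE-2015-7297 CVE-2015-7857 CVE-2015-7858) (web_specific_apps.rules)
"""

# "[+++] Added rules: [+++]" -> group 2 = "Added rules"
SECTION_RE = re.compile(r"^\[(\+{3}|/{3}|\*{3}|-{3})\]\s*(.*?):?\s*\[\1\]\s*$")
# "<sid> - <ET|ETPRO> <CATEGORY> <msg> (<file>.rules)"
ENTRY_RE = re.compile(
    r"^(?P<sid>\d+) - (?P<tier>ET|ETPRO) (?P<cat>[A-Z_]+) (?P<msg>.*?) "
    r"\((?P<file>[\w-]+\.rules)\)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class RuleEntry:
    sid: int
    tier: str        # "ET" = open ruleset, "ETPRO" = paid ruleset only
    category: str    # TROJAN, EXPLOIT, POLICY, WEB_SPECIFIC_APPS, ...
    msg: str
    rules_file: str
    section: str     # normalised header, e.g. "added rules"
    cves: tuple      # CVE ids found in msg, in order of appearance


def parse_summary(text: str) -> list:
    entries, section, buf = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, buf = m.group(2).strip().lower(), ""
            continue
        if line in ("Open:", "Pro:"):
            continue
        # A line not starting with a SID is the continuation of a wrapped entry.
        buf = line if re.match(r"^\d+ - ", line) else f"{buf} {line}".strip()
        e = ENTRY_RE.match(buf)
        if e:  # entry is complete once the "(x.rules)" tail has been seen
            entries.append(RuleEntry(
                sid=int(e["sid"]), tier=e["tier"], category=e["cat"],
                msg=e["msg"], rules_file=e["file"], section=section,
                cves=tuple(CVE_RE.findall(e["msg"])),
            ))
            buf = ""
    return entries


def added_counts(entries) -> Counter:
    """Counter of newly added rules: 'open' (ET) vs 'pro' (ETPRO-only)."""
    return Counter("pro" if e.tier == "ETPRO" else "open"
                   for e in entries if e.section == "added rules")


def check_summary_line(entries, summary_line: str) -> bool:
    """Verify 'N new OPEN, M new PRO (N + K)': N open and K pro-only entries
    must be present, and the PRO total M must equal N + K."""
    m = re.search(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)", summary_line)
    if not m:
        return False
    n_open, n_pro_total, n1, n2 = map(int, m.groups())
    c = added_counts(entries)
    return (c["open"], c["pro"]) == (n_open, n2) and n_pro_total == n1 + n2


def missing_added_sids(entries, enabled_sids: Iterable[int]) -> list:
    """Added SIDs absent from the locally enabled set, i.e. rules a rule
    update run should have pulled in but did not."""
    enabled = set(enabled_sids)
    return sorted(e.sid for e in entries
                  if e.section == "added rules" and e.sid not in enabled)


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    print(added_counts(parsed))
    # Hypothetical local SID list, e.g. from `grep -o 'sid:[0-9]*' *.rules`.
    print(missing_added_sids(parsed, [2033632, 2849523, 2019204]))
```

Running it over the full page rather than the excerpt gives open=15 and pro=19, matching the "15 new OPEN, 34 new PRO (15 + 19)" line; feeding missing_added_sids the SIDs extracted from a deployed Suricata rules directory shows which of the day's additions never made it into the running sensor.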