[***] Summary: [***]
8 new OPEN, 22 new PRO (8 + 14). IIStealer, Remcos, CVE-2021-26432, Others.
Thanks @AhnLab_SecuInfo
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033101 - ET SCAN OpenVASVT RCE Test String in HTTP Request Inbound (scan.rules)
2033102 - ET SCAN OpenVASVT RCE Test String in HTTP Request Outbound (scan.rules)
2033705 - ET TROJAN IIStealer CnC Domain in DNS Lookup (xinxx .allsoulu .com) (trojan.rules)
2033706 - ET TROJAN IIStealer Inbound Exfil Request (trojan.rules)
2033707 - ET TROJAN IIStealer Inbound Exfil Request M2 (trojan.rules)
2033708 - ET TROJAN Unknown DPRK Threat Actor Activity (GET) (trojan.rules)
2033709 - ET TROJAN Win32/DownloadAdmin Activity (trojan.rules)
2033710 - ET TROJAN Suspected Praying Mantis Threat Actor Activity (trojan.rules)
Pro:
2849585 - ETPRO EXPLOIT Windows NFS ONCRPC XDR Driver Remote Code Execution Inbound (CVE-2021-26432) (exploit.rules)
2849586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-11 1) (trojan.rules)
2849587 - ETPRO TROJAN Win32/Unk.Loader.IPL User-Agent Observed (trojan.rules)
2849588 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-11 2) (trojan.rules)
2849589 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-11 3) (trojan.rules)
2849590 - ETPRO TROJAN Win32/Unk.Loader.msxyz Activity (trojan.rules)
2849591 - ETPRO TROJAN DarkCloudBot Stealer Exfil via Telegram (trojan.rules)
2849593 - ETPRO TROJAN Win32/Remcos RAT Checkin 738 (trojan.rules)
2849594 - ETPRO TROJAN Win32/Remcos RAT Checkin 739 (trojan.rules)
2849595 - ETPRO TROJAN Win32/Remcos RAT Checkin 740 (trojan.rules)
2849597 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-11 (current_events.rules)
[---] Removed rules: [---]
2033101 - ET ATTACK_RESPONSE OpenVASVT RCE Test String in HTTP Request Inbound (attack_response.rules)
2033102 - ET ATTACK_RESPONSE OpenVASVT RCE Test String in HTTP Request Outbound (attack_response.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team