[***] Summary: [***]

3 new OPEN, 25 new PRO (3 + 22).
Win32/Nitol.B, Android.Monitor.Truthspy.A, Red-Line, Middle East Threat
Group, Coinminers.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033734 - ET INFO Base64 Encoded Windows IP Configuration Output in HTTP
POST M1 (info.rules)
2033735 - ET INFO Base64 Encoded Windows IP Configuration Output in HTTP
POST M2 (info.rules)
2033736 - ET INFO Base64 Encoded Windows IP Configuration Output in HTTP
POST M3 (info.rules)

Pro:

2849643 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-14 1) (trojan.rules)
2849644 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-14 2) (trojan.rules)
2849645 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-14 3) (trojan.rules)
2849646 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-14 4) (trojan.rules)
2849647 - ETPRO INFO Generic Buffer Overflow - HTTP Host Field
(info.rules)
2849648 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2849649 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT)
(trojan.rules)
2849650 - ETPRO TROJAN Win32/Nitol.B Retrieving Config (trojan.rules)
2849656 - ETPRO MOBILE_MALWARE Android.Monitor.Truthspy.A Checkin
(mobile_malware.rules)
2849657 - ETPRO MOBILE_MALWARE Android.Monitor.Truthspy.A CnC Beacon
(mobile_malware.rules)
2849658 - ETPRO MOBILE_MALWARE AndroidOS/Clicker.B!MTB Checkin
(mobile_malware.rules)
2849659 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.vw Checkin
(mobile_malware.rules)
2849660 - ETPRO MOBILE_MALWARE Android.Telerat.GEN43179 Checkin
(mobile_malware.rules)
2849661 - ETPRO TROJAN Observed Middle East Threat Group CnC CnC Domain
in DNS Lookup (trojan.rules)
2849662 - ETPRO TROJAN RedLine - CheckConnect Request (trojan.rules)
2849663 - ETPRO TROJAN Middle East Threat Group Checkin Activity
(trojan.rules)
2849664 - ETPRO TROJAN Middle East Threat Group Server Response
(trojan.rules)

[///] Modified active rules: [///]

2033403 - ET WEB_SPECIFIC_APPS Apache SkyWalking GraphQL SQL Injection
Inbound (CVE-2020-13921) (web_specific_apps.rules)
2033424 - ET WEB_SPECIFIC_APPS rConfig ajaxArchiveFiles.php Command
Injection Inbound (CVE-2019-19509) (web_specific_apps.rules)
2849411 - ETPRO WEB_CLIENT IE JScript Use-After-Free Inbound
(CVE-2019-1429) (web_client.rules)
2849507 - ETPRO EXPLOIT Possible dotCMS CMSFilter assets Access Control
Weakness Exploitation Inbound (CVE-2020-6754) (exploit.rules)
