[***] Summary: [***]

1 new OPEN, 19 new PRO (1 + 18). DarkWay Client, MSIL/Spy.Agent,
Win32/Ratfishes, Android/Agent.BQX, Danabot Injects, Coinminers.

Thanks: @_jsoo_

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033737 - ET TROJAN DarkWay Client Checkin (trojan.rules)

Pro:

2849665 - ETPRO INFO Observed Suspicious URI Structure with Common Escape
Character - Possible Exploit (info.rules)
2849666 - ETPRO INFO Observed Suspicious Raw URI Structure with Common
Escape Character - Possible Exploit (info.rules)
2849667 - ETPRO TROJAN MSIL/Spy.Agent CnC Checkin 2021-08-17
(trojan.rules)
2849668 - ETPRO INFO Suspicious Request For pom.xml File (info.rules)
2849669 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 1) (trojan.rules)
2849670 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 2) (trojan.rules)
2849671 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 3) (trojan.rules)
2849672 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 4) (trojan.rules)
2849673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 5) (trojan.rules)
2849674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 6) (trojan.rules)
2849675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-16 7) (trojan.rules)
2849676 - ETPRO TROJAN Win32/Ratfishes Checkin (trojan.rules)
2849677 - ETPRO TROJAN Likey Evil Obfuscated RTF With Fake Version /
objdata Inbound (trojan.rules)
2849678 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 179
(mobile_malware.rules)
2849679 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 180
(mobile_malware.rules)
2849680 - ETPRO TROJAN Likely Evil Reversed Obfuscated Powershell Inbound
(trojan.rules)
2849681 - ETPRO INFO Suspicious Reversed String Inbound (kernel32.dll)
(info.rules)
2849682 - ETPRO TROJAN Observed Danabot Injects Domain in TLS SNI
(trojan.rules)

[///] Modified inactive rules: [///]

2849513 - ETPRO EXPLOIT Lighttpd url-path-2f-decode Denial of Service
Inbound (CVE-2019-11072) (exploit.rules)
