[***] Summary: [***]
5 new OPEN, 16 new PRO (5 + 11). CVE-2021-22123, Win32/BLUELIGHT,
CVE-2019-1867, CVE-2019-11469, OrcusRAT, MSIL/Atlas Server, Coinminers.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033738 - ET EXPLOIT Fortinet FortiWeb OS Command Injection Inbound M1
(CVE-2021-22123) (exploit.rules)
2033739 - ET TROJAN Observed BLUELIGHT Payload Domain (storage .jquery .services in TLS SNI) (trojan.rules)
2033740 - ET TROJAN Win32/BLUELIGHT OAuth Login Attempt (trojan.rules)
2033741 - ET TROJAN Win32/BLUELIGHT OAuth Login Attempt M2 (trojan.rules)
2033742 - ET EXPLOIT Fortinet FortiWeb OS Command Injection Inbound M2
(CVE-2021-22123) (exploit.rules)
Pro:
2849087 - ETPRO TROJAN ELF/Likely Evil Shell Script Content Inbound
(trojan.rules)
2849684 - ETPRO EXPLOIT Cisco Elastic Services Controller REST API
Authentication Bypass (CVE-2019-1867) (exploit.rules)
2849685 - ETPRO EXPLOIT Zoho ManageEngine Applications Manager
FaultTemplateOptions.jsp resourceid SQL Injection (CVE-2019-11469)
(exploit.rules)
2849688 - ETPRO WEB_CLIENT Possible Microsoft Windows MSHTML Engine
Remote Code Execution Inbound (CVE-2019-0541) (web_client.rules)
2849689 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-18 1) (trojan.rules)
2849690 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-18 2) (trojan.rules)
2849691 - ETPRO TROJAN MSIL/Atlas Server Response (trojan.rules)
2849692 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT)
(trojan.rules)
2849694 - ETPRO TROJAN Win32/MixDownloader Requesting Payload
(trojan.rules)
[///] Modified active rules: [///]
2830104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-23 2) (trojan.rules)
2830385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-13 2) (trojan.rules)
2830416 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-16 6) (trojan.rules)
2830480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-19 3) (trojan.rules)
2830525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-23 4) (trojan.rules)
2830583 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-25 5) (trojan.rules)
2830663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 1) (trojan.rules)
2830675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 13) (trojan.rules)
2830719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 9) (trojan.rules)
2830878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-16 4) (trojan.rules)
2831066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-29 3) (trojan.rules)
2831198 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-08 2) (trojan.rules)
[---] Removed rules: [---]
2849087 - ETPRO INFO ELF/Suspicious Shell Script Content Inbound
(info.rules)