[***] Summary: [***]
10 new OPEN, 26 new PRO (10 + 16). Aslan, AsyncRAT, RustyBeur, Various CVEs.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2020705 - ET INFO Generic - Mozilla 4.0 EXE Request (info.rules)
2033748 - ET CURRENT_EVENTS Observed OWA Phishing Landing Page 2021-08-20 (current_events.rules)
2033749 - ET INFO Pulse Secure VPN Version Disclosure Attempt (info.rules)
2033750 - ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 1 Inbound - Request Config Backup (CVE-2020-8260) (exploit.rules)
2033751 - ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 2 Inbound - Upload Malicious Config (CVE-2020-8260) (exploit.rules)
2033752 - ET EXPLOIT Possible Pulse Secure VPN RCE Chain Stage 3 Inbound - Execute Mal Config Trigger (CVE-2020-8260) (exploit.rules)
2033753 - ET EXPLOIT Pulse Secure VPN RCE Chain Stage 3 Inbound - Execute Mal Config Trigger, PoC Based (CVE-2020-8260) (exploit.rules)
2033754 - ET EXPLOIT Possible Microsoft Exchange ProxyLogon Activity - OABVirtualDirectory SetObject (CVE-2021-27065) (exploit.rules)
2033755 - ET EXPLOIT vCenter Server RCE Chain Initial Stage Inbound (CVE-2021-21985) (exploit.rules)
2033756 - ET EXPLOIT vCenter Server RCE Chain Final Stage Inbound (CVE-2021-21985) (exploit.rules)
Pro:
2849712 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849713 - ETPRO TROJAN Aslan Payload CnC Activity M1 (trojan.rules)
2849714 - ETPRO TROJAN Aslan Payload CnC Activity M2 (trojan.rules)
2849715 - ETPRO TROJAN Aslan MalDoc Checkin M1 (trojan.rules)
2849716 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849717 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849718 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849719 - ETPRO TROJAN Aslan HTA Loader Checkin M1 (trojan.rules)
2849720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-20 1) (trojan.rules)
2849721 - ETPRO TROJAN Aslan CnC Domain in DNS Lookup (trojan.rules)
2849722 - ETPRO TROJAN Aslan CnC Domain in DNS Lookup (trojan.rules)
2849723 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-20 2) (trojan.rules)
2849724 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849725 - ETPRO TROJAN Win32/StormKitty/a310Logger Exfil via SMTP (trojan.rules)
2849726 - ETPRO TROJAN Observed RustyBeur CnC Domain in TLS SNI (trojan.rules)
2849727 - ETPRO TROJAN Win32/Remcos RAT Checkin 743 (trojan.rules)
[///] Modified active rules: [///]
2020019 - ET TROJAN US-CERT TA14-353A Proxy Tool 3 (trojan.rules)
2022566 - ET TROJAN Possible Malicious Macro EXE DL AlphaNumL (trojan.rules)
2809587 - ETPRO TROJAN Win32/Spy.Agent.OLV Checkin (trojan.rules)
2831290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-15 4) (trojan.rules)
2849661 - ETPRO TROJAN Observed Middle East Threat Group CnC Domain in DNS Lookup (trojan.rules)
[---] Removed rules: [---]
2020705 - ET TROJAN Generic - Mozilla 4.0 EXE Request (trojan.rules)
2849026 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 122 (mobile_malware.rules)
2849064 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 127 (mobile_malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team