[***] Summary: [***]

18 new OPEN, 29 new PRO (18 + 11). Multiple CVE, SiameseKitten,
Cinobi, Various Ransomware, RedLine Stealer.

thanks @fbgwls245

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033757 - ET EXPLOIT eMerge E3 Command Injection Inbound (CVE-2019-7256) (exploit.rules)
2033758 - ET EXPLOIT Genexis PLATINUM 4410 Command Injection Inbound (CVE-2021-29003) (exploit.rules)
2033759 - ET EXPLOIT Unknown Target Application Command Injection Inbound (exploit.rules)
2033760 - ET TROJAN SiameseKitten/Lyceum/Hexane MSIL/Shark CnC Checkin (trojan.rules)
2033761 - ET TROJAN SiameseKitten/Lyceum/Hexane MSIL/Shark Response - 1 Byte XOR Key (trojan.rules)
2033762 - ET TROJAN SiameseKitten/Lyceum/Hexane MSIL/Shark Uploading to CnC (trojan.rules)
2033763 - ET TROJAN Cinobi Banking Trojan Domain in DNS Lookup (www .magicalgirlonlive .com) (trojan.rules)
2033764 - ET TROJAN Cinobi Banking Trojan Domain in DNS Lookup (www .getkiplayer .com) (trojan.rules)
2033765 - ET TROJAN Cinobi Banking Trojan Domain in DNS Lookup (www .supapureigemu .com) (trojan.rules)
2033766 - ET TROJAN Cinobi Banking Trojan Domain in DNS Lookup (www .chirigame .com) (trojan.rules)
2033767 - ET MOBILE_MALWARE Android/FlyTrap Activity (POST) (mobile_malware.rules)
2033768 - ET TROJAN Win32/Kryptik.HMCH Dropper User-Agent M1 (trojan.rules)
2033769 - ET TROJAN Win32/Kryptik.HMCH Dropper User-Agent M2 (trojan.rules)
2033770 - ET TROJAN Win32/Kryptik.HMCH Dropper User-Agent M3 (trojan.rules)
2033771 - ET TROJAN Win32/Kryptik.HMCH Dropper User-Agent M4 (trojan.rules)
2033772 - ET TROJAN Observed Karen Ransomware CnC Checkin (trojan.rules)
2033773 - ET TROJAN Observed Karen Ransomware Powershell Loader (trojan.rules)
2033774 - ET TROJAN Observed Karen Ransomware Domain (karen .h07 .wlh .io in TLS SNI) (trojan.rules)

Pro:

2849728 - ETPRO TROJAN Win32/ShadowPad CnC Checkin (trojan.rules)
2849729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-21 1) (trojan.rules)
2849730 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-21 2) (trojan.rules)
2849731 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-21 3) (trojan.rules)
2849732 - ETPRO EXPLOIT D-Link DNS-320 FW Command Injection Outbound (CVE-2020-25506) (exploit.rules)
2849733 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849734 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849735 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-23 (current_events.rules)
2849736 - ETPRO TROJAN Suspected Magniber Ransomware Activity (GET) M2 (trojan.rules)
2849737 - ETPRO TROJAN Suspected Magniber Ransomware Activity (GET) M3 (trojan.rules)
2849738 - ETPRO TROJAN RedLine - VerifyUpdate Request (trojan.rules)

[///] Modified active rules: [///]

2021813 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
2031535 - ET EXPLOIT Possible TerraMaster TOS RCE Inbound (CVE-2020-28188 CVE-2020-35665) (exploit.rules)
2830665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-03 3) (trojan.rules)
2831186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-06-07 2) (trojan.rules)
2834979 - ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin (trojan.rules)
2841903 - ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) (trojan.rules)
2848961 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-03 2) (trojan.rules)
2849726 - ETPRO TROJAN Observed RustyBeur CnC Domain in TLS SNI (trojan.rules)
