[***] Summary: [***]

14 new OPEN, 21 new PRO (14 + 7). Multiple CVE, SparklingGoblin,
FerociousKitten, SLIGHTPULSE, Konni RAT, Redline Stealer, Matanbuchus.

Thanks @Timele9527 and @ESETresearch

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033781 - ET EXPLOIT Use-After-Free in QuickTimePluginReplacement
(CVE-2021-1879) (exploit.rules)
2033782 - ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type
Confusion Inbound (CVE-2018-8617) (exploit.rules)
2033783 - ET EXPLOIT Microsoft Edge Chakra - NewScObjectNoCtor
InitProtoType Confusion Inbound (CVE-2019-0567) (exploit.rules)
2033784 - ET TROJAN SparklingGoblin/Winnti Group SideWalk Domain in
DNS Lookup (trojan.rules)
2033785 - ET TROJAN SparklingGoblin/Winnti Group SideWalk Domain in
DNS Lookup (trojan.rules)
2033786 - ET TROJAN FerociousKitten CnC Domain in DNS Lookup
(microsoft .microcaft .xyz) (trojan.rules)
2033787 - ET TROJAN FerociousKitten CnC Domain in DNS Lookup
(microsoft .com-view .space) (trojan.rules)
2033788 - ET WEB_SERVER SLIGHTPULSE WebShell Access Inbound M1
(web_server.rules)
2033789 - ET WEB_SERVER SLIGHTPULSE WebShell Access Inbound M2
(web_server.rules)
2033790 - ET WEB_SERVER SLIGHTPULSE WebShell Access Inbound M3
(web_server.rules)
2033791 - ET TROJAN Konni RAT Exfiltrating Data (trojan.rules)
2033792 - ET TROJAN Win32/Sinresby.B Downloader CnC Activity M1 (trojan.rules)
2033793 - ET TROJAN Win32/Sinresby.B Downloader CnC Activity M2 (trojan.rules)
2033794 - ET TROJAN Konni RAT Querying CnC for Commands (trojan.rules)

Pro:

2847695 - ETPRO INFO Generic HTTP Header Buffer Overflow Check -
http.accept_enc (info.rules)
2849751 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-25
(current_events.rules)
2849752 - ETPRO TROJAN Redline Stealer TCP CnC - CheckConnect (trojan.rules)
2849753 - ETPRO TROJAN Redline Stealer TCP CnC - EnvironmentSettings
(trojan.rules)
2849754 - ETPRO TROJAN Redline Stealer TCP CnC - Init (trojan.rules)
2849755 - ETPRO TROJAN Redline Stealer TCP CnC - PartBrowsers (trojan.rules)
2849756 - ETPRO TROJAN Matanbuchus Download Activity (trojan.rules)

[///] Modified active rules: [///]

2849676 - ETPRO TROJAN Win32/Ratfishes Checkin (trojan.rules)

[---] Removed rules: [---]

2849739 - ETPRO EXPLOIT Use-After-Free in QuickTimePluginReplacement
(CVE-2021-1879) (exploit.rules)
