[***] Summary: [***]

9 new OPEN, 23 new PRO (9 + 14). AsyncRAT, Remcos, Various CVEs, others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033849 - ET EXPLOIT WebSVN 2.6.0 OS Command Injection Inbound
(CVE-2021-32305) (exploit.rules)
2033850 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt
(Wide) M1 (exploit.rules)
2033851 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt M1
(exploit.rules)
2033852 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt
(Wide) M2 (exploit.rules)
2033853 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt M2
(exploit.rules)
2033854 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt
(Wide) M3 (exploit.rules)
2033855 - ET EXPLOIT Possible JNBridge Java Deserialization Attempt M3
(exploit.rules)
2033856 - ET TROJAN Possible Mirai Infection Attempt via OS Command
Injection Outbound (CVE-2021-32305) (trojan.rules)
2033857 - ET TROJAN Possible Mirai Infection Attempt via OS Command
Injection Inbound (CVE-2021-32305) (trojan.rules)

Pro:

2849798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 1) (trojan.rules)
2849799 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 2) (trojan.rules)
2849800 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 3) (trojan.rules)
2849801 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 4) (trojan.rules)
2849802 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 5) (trojan.rules)
2849803 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 6) (trojan.rules)
2849804 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 7) (trojan.rules)
2849805 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 8) (trojan.rules)
2849806 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 9) (trojan.rules)
2849807 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-08-30 10) (trojan.rules)
2849808 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2849810 - ETPRO TROJAN Win32/Remcos RAT Checkin 746 (trojan.rules)
2849811 - ETPRO EXPLOIT Possible Confluence OGNL Injection Inbound
(CVE-2021-26084) (exploit.rules)
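The ten "CoinMiner Known Malicious Stratum Authline" signatures above key on the miner identity a bot sends when it logs in to a pool. The following is an added illustration (not the ETPRO rule content, which is not reproduced in this bulletin) of what that detection reduces to: parse newline-delimited Stratum JSON-RPC, pull the login identity from both the Bitcoin-style `mining.authorize` and the Monero-style `login` dialects, and compare it against a denylist. The wallet/worker strings and the sample stream are constructed for the example.

```python
import json

# Constructed denylist of pool logins (wallet or wallet.worker). These values
# are made up for the example; real rules carry attacker wallets seen in the wild.
DENYLIST_LOGINS = {
    "EXAMPLEWALLET1.worker01",
    "EXAMPLEWALLET2",
}


def extract_login(line):
    """Return the miner identity from one Stratum JSON-RPC request, or None.

    Bitcoin-style pools use mining.authorize with params as a list
    ["wallet.worker", "password"]; Monero-style pools (XMRig and friends)
    use login with params as an object {"login": ..., "pass": ..., "agent": ...}.
    """
    try:
        msg = json.loads(line)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    if method == "mining.authorize" and isinstance(params, list) and params:
        return str(params[0])
    if method == "login" and isinstance(params, dict):
        login = params.get("login")
        return str(login) if login is not None else None
    return None


def flag_authlines(stream, denylist=DENYLIST_LOGINS):
    """Scan a byte stream of newline-delimited JSON-RPC; return denylisted logins in order seen."""
    hits = []
    for raw in stream.split(b"\n"):
        if not raw.strip():
            continue
        try:
            login = extract_login(raw.decode("utf-8"))
        except UnicodeDecodeError:
            continue  # binary noise on the same port is not a Stratum authline
        if login is not None and login in denylist:
            hits.append(login)
    return hits


# Constructed client-to-pool traffic: one subscribe, one Bitcoin-style
# authorize, one Monero-style login, one benign authorize, one junk line.
SAMPLE_STREAM = b"\n".join([
    b'{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}',
    b'{"id":2,"method":"mining.authorize","params":["EXAMPLEWALLET1.worker01","x"]}',
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"EXAMPLEWALLET2","pass":"x","agent":"XMRig/6.14.1"}}',
    b'{"id":3,"method":"mining.authorize","params":["LEGITWALLET.rig","x"]}',
    b"\xff\xfe not json",
])
```

The denylist match is exact on purpose: a signature that matched on a substring of a wallet would also fire on unrelated addresses sharing that prefix.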

[+++] Enabled and modified rules: [+++]

2018617 - ET MALWARE Downloader.NSIS.OutBrowse.b Checkin (malware.rules)

[///] Modified active rules: [///]

2017916 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 10
(trojan.rules)
2018166 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 28
(trojan.rules)
2018880 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 40
(trojan.rules)
2019083 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 41
(trojan.rules)
2020770 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 69
(trojan.rules)
2020773 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 72
(trojan.rules)
2020780 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 79
(trojan.rules)
2020786 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 85
(trojan.rules)
2020789 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 88
(trojan.rules)
2020791 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 90
(trojan.rules)
2025338 - ET CURRENT_EVENTS LinkedIn Phishing Landing 2018-02-09 M2
(current_events.rules)
2032351 - ET TROJAN GCleaner Downloader Activity M3 (trojan.rules)
2839361 - ETPRO TROJAN Buran/Zeppelin Ransomware Activity M3
(trojan.rules)
2849610 - ETPRO TROJAN Win32/Vodkagats Loader Requesting Payload
(trojan.rules)
2849774 - ETPRO TROJAN MSIL/SysNt Corp DotNetRAT CnC Activity
(trojan.rules)
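The ten modified "Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND)" signatures above all match variants of the same wire framing. As an added example (not the ET rule content, and not code from the Emerging Threats team), the parser below validates a packet against the documented Gh0st RAT frame layout: a five-byte family tag, a little-endian total length, a little-endian decompressed length, then a zlib-compressed body. The original family uses the tag `Gh0st`; variants substitute other five-byte tags, which is why the ruleset carries numbered variants, and the `KNOWN_TAGS` set is where an analyst would add the ones they care about (none beyond `Gh0st` are listed here). The sample packets are constructed.

```python
import struct
import zlib

# Gh0st RAT framing (documented wire format of the original family):
#   bytes 0..4   five-byte family tag, b"Gh0st" in the original
#   bytes 5..8   total frame length, uint32 little-endian, header included
#   bytes 9..12  payload length after zlib decompression, uint32 little-endian
#   bytes 13..   zlib-compressed payload
HEADER_LEN = 13
KNOWN_TAGS = {b"Gh0st"}  # variants replace the tag; extend this set as needed


def parse_gh0st_frame(data, tags=KNOWN_TAGS):
    """Return (tag, decompressed_payload) for a complete, self-consistent frame, else None.

    All three header fields must agree with the bytes actually present; checking
    only the tag would fire on any stream that happens to start with it.
    """
    if len(data) < HEADER_LEN:
        return None
    tag = bytes(data[:5])
    if tag not in tags:
        return None
    total_len, plain_len = struct.unpack_from("<II", data, 5)
    if total_len != len(data):
        return None
    try:
        payload = zlib.decompress(bytes(data[HEADER_LEN:]))
    except zlib.error:
        return None
    if len(payload) != plain_len:
        return None
    return tag, payload


def build_gh0st_frame(payload, tag=b"Gh0st"):
    """Constructed test traffic only: wrap payload in Gh0st framing."""
    body = zlib.compress(payload)
    return tag + struct.pack("<II", HEADER_LEN + len(body), len(payload)) + body


def scan_stream(chunks, tags=KNOWN_TAGS):
    """Label each (constructed) TCP payload as 'gh0st' or 'benign'."""
    return ["gh0st" if parse_gh0st_frame(c, tags) else "benign" for c in chunks]


# Constructed samples: a well-formed frame, an HTTP request, and a chunk that
# carries the tag but nonsense lengths and no valid zlib stream.
SAMPLE_CHUNKS = [
    build_gh0st_frame(b"\x66" + b"\x00" * 8),
    b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"Gh0st" + b"\xff" * 20,
]
```

The length and zlib checks are what separate a content match on a five-byte tag from a real protocol match; a rule that only looks for the tag at offset 0 will produce false positives on any stream that happens to begin with those bytes.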

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
