[***] Summary: [***]

0 new OPEN, 6 new PRO (0 + 6). Coinminers, Various PowerShell.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Pro:

2849848 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-04 1) (trojan.rules)
2849849 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-04 2) (trojan.rules)
2849850 - ETPRO ATTACK_RESPONSE Obfuscated Char/Byte Concatenation PowerShell Inbound M1 (attack_response.rules)
2849851 - ETPRO ATTACK_RESPONSE Obfuscated Char/Byte Concatenation PowerShell Inbound M2 (attack_response.rules)
2849852 - ETPRO ATTACK_RESPONSE Obfuscated PowerShell AMSI Bypass Inbound (AMSI-Scan-Buffer Patch) (attack_response.rules)
2849853 - ETPRO ATTACK_RESPONSE AMSI Fail Encoded PowerShell Payload Inbound (attack_response.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
