[***] Summary: [***]
7 new OPEN, 24 new PRO (7 + 17). AsyncRAT, BleachGap Ransomware,
Win32/Syndicasec, Others.
Thanks @ShadowChasing1
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032327 - ET MALWARE Win32/Adware.Agent.NSU CnC Activity M2 (malware.rules)
2033902 - ET TROJAN BleachGap Ransomware Checkin (POST) (trojan.rules)
2033903 - ET TROJAN Observed Lazarus Related Domain (share .bloomcloud .org in TLS SNI) (trojan.rules)
2033904 - ET TROJAN Win32/Syndicasec Encoded Response Embedded in XML HTML Title Tags Inbound (trojan.rules)
2033905 - ET TROJAN Win32/Syndicasec Encoded Response Embedded in HTML Title Tags Inbound (trojan.rules)
2033906 - ET TROJAN Win32/Unk.Coinminer Checkin (trojan.rules)
2033907 - ET EXPLOIT Cisco HyperFlex HX Data Platform Pre-Auth RCE Inbound (CVE-2021-1499) (exploit.rules)
Pro:
2849856 - ETPRO TROJAN Win32/Injector.EPKJ Variant Checkin (trojan.rules)
2849857 - ETPRO TROJAN Win32/Injector.EPKJ Variant CnC Activity (trojan.rules)
2849858 - ETPRO TROJAN Win32/Syndicasec CnC Activity - JavaScript Command Decoder Observed (trojan.rules)
2849859 - ETPRO MALWARE Win32/SystemCleaner CnC Checkin (malware.rules)
2849860 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 1) (trojan.rules)
2849861 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 2) (trojan.rules)
2849862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 3) (trojan.rules)
2849863 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 4) (trojan.rules)
2849864 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 5) (trojan.rules)
2849865 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 6) (trojan.rules)
2849866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-06 7) (trojan.rules)
2849867 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849868 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849869 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849870 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849871 - ETPRO TROJAN Likely Mirai Related Shell Script Inbound (trojan.rules)
[---] Removed rules: [---]
2032327 - ET TROJAN Win32/Adware.Agent.NSU CnC Activity M2 (trojan.rules)
2833190 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2018-10-18 2) (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team