[***] Summary: [***]

12 new OPEN, 69 new PRO (12 + 57). Cobalt Strike, Win32/Vermilion,
MSIL/Black Hat Worm, CVE-2021-32706, Sidewalk CnC,
CVE-2021-40444, SQUIRRELWAFFLE Loader, TeamTNT, a lot of CoinMiners.

Multiple rules were updated to improve the references within each
rule.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033927 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2033928 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2033929 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2033930 - ET TROJAN Win32/Vermilion Stager Activity (GET) (trojan.rules)
2033931 - ET TROJAN Win32/Vermilion Stager Activity (GET) (trojan.rules)
2033932 - ET TROJAN MSIL/Black Hat Worm Server Response (trojan.rules)
2033933 - ET EXPLOIT Possible ImageMagick Malformed SVG Upload Leading to
RCE (exploit.rules)
2033934 - ET EXPLOIT PiHole Web Interface Regex Escape Leading to RCE
Inbound M1 (CVE-2021-32706) (exploit.rules)
2033935 - ET EXPLOIT PiHole Web Interface Regex Escape Leading to RCE
Inbound M2 (CVE-2021-32706) (exploit.rules)
2033936 - ET TROJAN Win32/GenKryptik.FKJZ CnC Exfil (trojan.rules)
2033937 - ET TROJAN Sidewalk CnC Checkin (trojan.rules)
2033938 - ET TROJAN Bladabindi/njrat CnC Checkin (trojan.rules)

Pro:

2849574 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound)
(trojan.rules)
2849901 - ETPRO EXPLOIT Possible Microsoft MSHTML Remote Code Execution
Inbound M4 (CVE-2021-40444 Related) (exploit.rules)
2849902 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 1) (trojan.rules)
2849903 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 2) (trojan.rules)
2849904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 3) (trojan.rules)
2849905 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 4) (trojan.rules)
2849906 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 5) (trojan.rules)
2849907 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 6) (trojan.rules)
2849908 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 7) (trojan.rules)
2849909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 8) (trojan.rules)
2849910 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 9) (trojan.rules)
2849911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 10) (trojan.rules)
2849912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 11) (trojan.rules)
2849913 - ETPRO TROJAN Generic AsyncRAT Style SSL Cert (trojan.rules)
2849914 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2849915 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2849916 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 13) (trojan.rules)
2849917 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 14) (trojan.rules)
2849918 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 16) (trojan.rules)
2849919 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 18) (trojan.rules)
2849920 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 19) (trojan.rules)
2849921 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 20) (trojan.rules)
2849922 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 21) (trojan.rules)
2849923 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 23) (trojan.rules)
2849924 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 24) (trojan.rules)
2849925 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 25) (trojan.rules)
2849926 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 26) (trojan.rules)
2849927 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 27) (trojan.rules)
2849928 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 28) (trojan.rules)
2849929 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 29) (trojan.rules)
2849930 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 30) (trojan.rules)
2849931 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 31) (trojan.rules)
2849932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 32) (trojan.rules)
2849933 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 33) (trojan.rules)
2849934 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 34) (trojan.rules)
2849935 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 35) (trojan.rules)
2849936 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 36) (trojan.rules)
2849937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 37) (trojan.rules)
2849938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 38) (trojan.rules)
2849939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 39) (trojan.rules)
2849940 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 40) (trojan.rules)
2849941 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 41) (trojan.rules)
2849942 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 42) (trojan.rules)
2849943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 43) (trojan.rules)
2849944 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 44) (trojan.rules)
2849945 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 45) (trojan.rules)
2849946 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 46) (trojan.rules)
2849947 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 48) (trojan.rules)
2849948 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 49) (trojan.rules)
2849949 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 50) (trojan.rules)
2849950 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 51) (trojan.rules)
2849951 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 52) (trojan.rules)
2849952 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 53) (trojan.rules)
2849953 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-11 54) (trojan.rules)
2849954 - ETPRO TROJAN Suspicious Terse Request to sharetext .me -
Possible Download (trojan.rules)
2849955 - ETPRO TROJAN SQUIRRELWAFFLE Loader Activity (POST)
(trojan.rules)
2849956 - ETPRO TROJAN TeamTNT Chimaera Checkin (trojan.rules)
