[***] Summary: [***]

8 new OPEN, 25 new PRO (8 + 17). APT-C-23, Gamaredon, SQUIRRELWAFFLE,
CVE-2017-7504, Win32/Voltron Stealer, MSIL/ClipBanker.QS, Win32/Snowdrop,
Various Phish, CoinMiners.

Thanks: @AuCyble, @malwrhunterteam, @s1ckb017, and @ESETresearch

Today it is Friday.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033978 - ET MOBILE_MALWARE Observed APT-C-23 Related Domain
(linda-gaytan .website in TLS SNI) (mobile_malware.rules)
2033979 - ET MOBILE_MALWARE APT-C-23 Related CnC Domain in DNS Lookup
(linda-gaytan .website) (mobile_malware.rules)
2033980 - ET MOBILE_MALWARE APT-C-23 Related CnC Domain in DNS Lookup
(javan-demsky .website) (mobile_malware.rules)
2033981 - ET TROJAN Gamaredon Maldoc Activity (GET) (trojan.rules)
2033982 - ET TROJAN SQUIRRELWAFFLE Server Response (trojan.rules)
2033983 - ET TROJAN Win32/Numando Banker CnC Activity (trojan.rules)
2033984 - ET TROJAN Possible SQUIRRELWAFFLE Server Response (trojan.rules)
2033985 - ET EXPLOIT JBOSS Deserialization Attempt Inbound
(CVE-2017-7504) (exploit.rules)

Pro:

2849990 - ETPRO CURRENT_EVENTS Successful Generic Phish (DE) 2021-09-17
(current_events.rules)
2849991 - ETPRO TROJAN Win32/Voltron Stealer Checkin Activity (GET)
(trojan.rules)
2849992 - ETPRO TROJAN Win32/Voltron Stealer Download Activity (GET)
(trojan.rules)
2849993 - ETPRO TROJAN Win32/Voltron Stealer Sending OS Information
(POST) (trojan.rules)
2849994 - ETPRO TROJAN Win32/Voltron Stealer CnC Activity (POST)
(trojan.rules)
2849995 - ETPRO TROJAN Win32/Stelega.cgm SysInfo Exfil via Telegram
(trojan.rules)
2849996 - ETPRO TROJAN Win32/Stelega.cgm Files Exfil via Telegram
(trojan.rules)
2849997 - ETPRO TROJAN MSIL/ClipBanker.QS CnC Server Response
(trojan.rules)
2849998 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2021-09-17
(current_events.rules)
2849999 - ETPRO TROJAN MSIL/Agent.CFW CnC Exfil via Telegram M1
(trojan.rules)
2850000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-17 1) (trojan.rules)
2850001 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-17 2) (trojan.rules)
2850002 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-17 3) (trojan.rules)
2850003 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-09-17 4) (trojan.rules)
2850004 - ETPRO TROJAN Win32/Snowdrop CnC Activity via UDP (trojan.rules)
2850005 - ETPRO TROJAN Win32/Remcos RAT Checkin 750 (trojan.rules)
2850006 - ETPRO TROJAN MSIL/ClipBanker.QS CnC Checkin (trojan.rules)

[///] Modified active rules: [///]

2033939 - ET TROJAN SQUIRRELWAFFLE Loader Activity (POST) (trojan.rules)
2033969 - ET EXPLOIT Netgear Seventh Inferno CVE-2021-41314 (new line
injection) (exploit.rules)
