[***] Summary: [***]

4 new OPEN, 15 new PRO (4 + 11). APT/Bitter, W32/Bingoml.CFSE!tr,
Cobalt Strike, Powershell.WC Octopus.

Thanks @ShadowChasing1

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033986 - ET TROJAN APT/Bitter Related CnC Domain in DNS Lookup (trojan.rules)
2033987 - ET TROJAN APT/Bitter Maldoc Activity (trojan.rules)
2033988 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
2033989 - ET EXPLOIT WP Download From Files Plugin <= 1.48 Arbitrary File Upload Attempt (exploit.rules)

Pro:

2850008 - ETPRO TROJAN W32/Bingoml.CFSE!tr CnC Activity M1 (trojan.rules)
2850009 - ETPRO TROJAN W32/Bingoml.CFSE!tr CnC Activity M2 (trojan.rules)
2850010 - ETPRO TROJAN W32/Bingoml.CFSE!tr PAC File Download (trojan.rules)
2850011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-18 1) (trojan.rules)
2850012 - ETPRO TROJAN Powershell.WC Octopus Backdoor Activity (Update) (trojan.rules)
2850013 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-09-18 2) (trojan.rules)
2850014 - ETPRO TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin (trojan.rules)
2850015 - ETPRO TROJAN Powershell.WC Octopus Backdoor Sending Windows Information (POST) (trojan.rules)
2850016 - ETPRO TROJAN Powershell.WC Octopus Backdoor Activity (ExportImages) (trojan.rules)
2850017 - ETPRO TROJAN Powershell.WC Octopus Backdoor Activity (View) (trojan.rules)

[///] Modified active rules: [///]

2032095 - ET EXPLOIT Yealink RCE Attempt (CVE-2021-27561) (exploit.rules)
2033782 - ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M1 (CVE-2018-8617) (exploit.rules)
