[***] Summary: [***]
7 new OPEN, 31 new PRO (7 + 24). CVE-2021-42013, Win32.Perinet, FIN12,
CVE-2019-7111, Redline Stealer, COINMINERS.
tks: @ShadowChasing1, @Mandiant
Proofpoint is looking to hire a Product Manager to oversee the Emerging
Threats products. Interested? Check out the posting here
<https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>
and reach out with any questions.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034172 - ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M1 (exploit.rules)
2034173 - ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 (exploit.rules)
2034174 - ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (Unassigned CVE) (exploit.rules)
2034175 - ET MALWARE Win32.Perinet CnC Checkin (malware.rules)
2034176 - ET TROJAN Observed Lazarus Related Domain (docs .gsheetpage .com in TLS SNI) (trojan.rules)
2034177 - ET TROJAN Observed Malicious FIN12 Related SSL Cert (trojan.rules)
2034178 - ET POLICY NSecSoft Remote Monitoring Update/Download Activity M2 (policy.rules)
Pro:
2850159 - ETPRO EXPLOIT Possible Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Write Inbound M1 (CVE-2019-7111) (exploit.rules)
2850160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 1) (trojan.rules)
2850161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 2) (trojan.rules)
2850162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 3) (trojan.rules)
2850163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 4) (trojan.rules)
2850164 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 5) (trojan.rules)
2850165 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 6) (trojan.rules)
2850166 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 7) (trojan.rules)
2850167 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 8) (trojan.rules)
2850168 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 9) (trojan.rules)
2850169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 10) (trojan.rules)
2850170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 11) (trojan.rules)
2850171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-10-08 12) (trojan.rules)
2850172 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionOpenVPN (trojan.rules)
2850173 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionNordVPN (trojan.rules)
2850174 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionSteamFiles (trojan.rules)
2850175 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionLanguages (trojan.rules)
2850176 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionScannedFiles (trojan.rules)
2850177 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionFtpConnections (trojan.rules)
2850178 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionInstalledBrowsers (trojan.rules)
2850179 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionDefenders (trojan.rules)
2850180 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionHardwares (trojan.rules)
2850181 - ETPRO TROJAN Redline Stealer TCP CnC - InitDisplay (Sending Screenshot) (trojan.rules)
2850182 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionTelegramFiles (trojan.rules)
[///] Modified active rules: [///]
2034092 - ET EXPLOIT File Sharing Wizard 1.5.0 - SEH Overflow Inbound (CVE-2019-16724) (exploit.rules)
2034163 - ET TROJAN Observed Malicious FIN12 Related SSL Cert (serviceswork .net) (trojan.rules)
2828212 - ETPRO TROJAN AgentTesla Communicating with CnC Server (trojan.rules)
2850119 - ETPRO TROJAN YoreKey Keylogger Activity (POST) (trojan.rules)