[***] Summary: [***]

13 new OPEN, 20 new PRO (13 + 7). Nymeria, CoinMiners, MSIL/GenKryptik

Thanks: @twinwave

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034439 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)

2034440 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)

2034441 - ET TROJAN Observed Compromised Domain (cryptoarenastore .com in TLS SNI) (2021-11-12) (trojan.rules)

2034442 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M1 (trojan.rules)

2034443 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M2 (trojan.rules)

2034444 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M3 (trojan.rules)

2034445 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M4 (trojan.rules)

2034446 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M5 (trojan.rules)

2034447 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M6 (trojan.rules)

2034448 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M7 (malware.rules)

2034449 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M8 (trojan.rules)

2034450 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M9 (trojan.rules)

2034451 - ET TROJAN Win32/Trojan.Nymeria CnC Activity (GET) M10 (trojan.rules)

Pro:

2850444 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ze Reporting Contacts (mobile_malware.rules)

2850445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-12 1) (trojan.rules)

2850446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-12 2) (trojan.rules)

2850447 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-12 3) (trojan.rules)

2850450 - ETPRO TROJAN MSIL/GenKryptik.FMFN CnC Exfil M2 (trojan.rules)

[///] Modified active rules: [///]

2018784 - ET TROJAN Win32/Neurevt.A/Betabot Check-in 4 (trojan.rules)

2832623 - ETPRO SCAN Internal Machine Scanning VNC - Outbound Traffic (scan.rules)

2850433 - ETPRO INFO Suspicious Domain Status Check to changeip .com (info.rules)

2850434 - ETPRO INFO Suspicious LinkedIn Login M1 (info.rules)

2850435 - ETPRO INFO Suspicious LinkedIn Login M2 (info.rules)

2850436 - ETPRO INFO Suspicious LinkedIn Login M3 (info.rules)
