[***] Summary: [***]
10 new OPEN, 27 new PRO (10 + 17). Dridex, CobaltStrike, TeamBot, Various Others.
Thanks @ankit_anubhav, @TheDFIRReport, @h2jazi, @Unit42_Intel and @malware_traffic
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034532 - ET TROJAN Dridex CnC Request - Spam/Worm Component (trojan.rules)
2034533 - ET TROJAN Dridex Dotted Quad CnC Request (flowbit set) (trojan.rules)
2034534 - ET TROJAN Dridex CnC Returning Email Addresses - Possible Spam Module (trojan.rules)
2034535 - ET EXPLOIT Nagios XI <= 5.6.5 Privesc (CVE-2019-15949) (exploit.rules)
2034536 - ET TROJAN W32/Snojan.BNQKZQH User-Agent (trojan.rules)
2034537 - ET TROJAN W32/Snojan.BNQKZQH CnC Activity (trojan.rules)
2034538 - ET TROJAN SideCopy Related Domain in DNS Lookup (securedesk .one) (trojan.rules)
2034539 - ET TROJAN Cobalt Strike CnC Domain in DNS Lookup (a .pwn-t .tk) (trojan.rules)
2034540 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034541 - ET TROJAN Cobalt Strike CnC Domain in DNS Lookup (zuppohealth .com) (trojan.rules)
Pro:
2850539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 1) (trojan.rules)
2850540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 2) (trojan.rules)
2850541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 3) (trojan.rules)
2850542 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 4) (trojan.rules)
2850543 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 5) (trojan.rules)
2850544 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 6) (trojan.rules)
2850545 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 7) (trojan.rules)
2850546 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 8) (trojan.rules)
2850547 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 9) (trojan.rules)
2850548 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 10) (trojan.rules)
2850549 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 11) (trojan.rules)
2850550 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-22 12) (trojan.rules)
2850551 - ETPRO TROJAN TeerDl CnC Exfil (trojan.rules)
2850552 - ETPRO TROJAN Observed Malicious SSL Cert (TeerD1) (trojan.rules)
2850553 - ETPRO CURRENT_EVENTS Antibomber Phish Kit (current_events.rules)
2850554 - ETPRO CURRENT_EVENTS Antibomber Phish Kit (current_events.rules)
2850555 - ETPRO TROJAN TeamBot CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2020292 - ET TROJAN Generic DNS Query for Suspicious CryptoWall (crpt) Domains (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | Proofpoint Inc | Emerging Threats Team