[***] Summary: [***]
10 new OPEN, 25 new PRO (10 + 15). Raccoon Stealer, Kimsuky,
Chinotto, Apache HTTPD CVE-2021-40438 and various CoinMiners.
Using the signature set? Writing your own rules too? Come write them
with us! Apply here: https://t.co/rqnzCGdo7B
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034557 - ET TROJAN W32.DarkVNC Variant Checkin (trojan.rules)
2034558 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain
(stanculinaryblog .top in TLS SNI) (trojan.rules)
2034559 - ET POLICY NetSupport GeoLocation Lookup Request (policy.rules)
2034560 - ET TROJAN Kimsuky Related Activity Sending Windows
Information (POST) (trojan.rules)
2034561 - ET INFO Observed DNS Query to Commonly Abused Preview
Domain (preview-domain .com) (info.rules)
2034562 - ET TROJAN Chinotto CnC Activity (hello) (trojan.rules)
2034563 - ET TROJAN Chinotto CnC Activity (command) (trojan.rules)
2034564 - ET TROJAN Chinotto CnC Activity (result) (trojan.rules)
2034565 - ET TROJAN Chinotto CnC Activity (file) (trojan.rules)
2034566 - ET EXPLOIT Apache HTTP Server SSRF (CVE-2021-40438) (exploit.rules)
Pro:
2850580 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 1) (trojan.rules)
2850581 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 2) (trojan.rules)
2850582 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 3) (trojan.rules)
2850583 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 4) (trojan.rules)
2850584 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 5) (trojan.rules)
2850585 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 6) (trojan.rules)
2850586 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-11-29 7) (trojan.rules)
[///] Modified active rules: [///]
2023349 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 106 (trojan.rules)
2034552 - ET POLICY Observed DNS Query to Commonly Abused Cloudflare
Domain (trycloudflare .com) (policy.rules)
2850558 - ETPRO TROJAN PowerShell/MSF Stager Inbound (trojan.rules)