[***] Summary: [***]

9 new OPEN, 32 new PRO (9 + 23): SpyAgent, Lazarus, Magecart,
Gamaredon, TrojanDownloader.Agent.FTV, Win32/Lmbmiad Downloader, and
various CoinMiners.

Thanks @rootprivilege and @ShadowChasing1

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034567 - ET INFO curl User-Agent to Dotted Quad (info.rules)
2034568 - ET TROJAN Magecart Exfil Domain in DNS Lookup (convert-server .com) (trojan.rules)
2034569 - ET TROJAN Suspected Sidewinder APT Maldoc Activity (trojan.rules)
2034570 - ET TROJAN Lazarus APT Related Domain in DNS Lookup (ny .silvergatehr .com) (trojan.rules)
2034571 - ET TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2034572 - ET TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2034573 - ET TROJAN SpyAgent C&C Activity (Request) (trojan.rules)
2034574 - ET TROJAN SpyAgent C&C Activity (Response) (trojan.rules)
2034575 - ET EXPLOIT Possible Edgewater Networks Edgemarc Blind Command Injection Attempt (CVE-2017-6079) (exploit.rules)

Pro:

2850595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-01 1) (trojan.rules)
2850596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-01 2) (trojan.rules)
2850597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-01 3) (trojan.rules)
2850598 - ETPRO TROJAN Ettersilent MalDoc C2 Beacon (trojan.rules)
2850599 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FTV Variant Checkin (trojan.rules)
2850600 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FTV Variant Server Respone (trojan.rules)
2850601 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FTV Variant Download Request (trojan.rules)
2850602 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FTV Variant CnC Traffic (trojan.rules)
2850603 - ETPRO TROJAN Win32/Remcos RAT Checkin 763 (trojan.rules)
2850604 - ETPRO TROJAN Win32/Remcos RAT Checkin 764 (trojan.rules)
2850605 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850606 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850607 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850608 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850609 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850610 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850611 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850612 - ETPRO TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2850613 - ETPRO TROJAN Win32/Lmbmiad CnC User-Agent (ve3xtest) (trojan.rules)
2850614 - ETPRO TROJAN Win32/Lmbmiad Downloader (.cmd) (trojan.rules)
2850615 - ETPRO TROJAN Win32/Lmbmiad Downloader (.dll) (trojan.rules)
2850616 - ETPRO TROJAN Win32/Lmbmiad CnC User-Agent (noandk) (trojan.rules)
2850617 - ETPRO TROJAN Win32/Lmbmiad Downloader (.ps1) (trojan.rules)

[///] Modified active rules: [///]

2013028 - ET POLICY curl User-Agent Outbound (policy.rules)
