[***] Summary: [***]

5 new OPEN, 12 new PRO (5 + 7) CVE-2021-44077, AgentTesla,
Win64/Agent.NL, Lowzones and VARIOUS Phishing and CoinMiners.

Want to come work with Emerging Threats? Consider applying: https://t.co/rqnzCGdo7B

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034577 - ET EXPLOIT [CISA AA21-336A] Suspicious POST Request - Possible Exploitation Activity (CVE-2021-44077) (exploit.rules)
2034578 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M2 (CVE-2019-0752) (exploit.rules)
2034579 - ET TROJAN AgentTesla Communicating with CnC Server (trojan.rules)
2034580 - ET TROJAN Win64/Agent.NL Variant CnC Activity (trojan.rules)
2034581 - ET INFO Terse Request for .txt - Likely Hostile (info.rules)

Pro:

2850625 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-03 1) (trojan.rules)
2850626 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-03 2) (trojan.rules)
2850627 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850628 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850629 - ETPRO TROJAN Possible Lowzones Trojan Activity (trojan.rules)
2850630 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850631 - ETPRO CURRENT_EVENTS Generic Phish Landing Page 2021-12-03 (current_events.rules)

[///] Modified active rules: [///]

2027721 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M1 (CVE-2019-0752) (exploit.rules)
2034576 - ET EXPLOIT Netgear DGN Remote Code Execution (exploit.rules)
2850555 - ETPRO TROJAN TeamBot CnC Activity (trojan.rules)

[---] Removed rules: [---]

2034007 - ET WEB_SERVER Possible WebShell Access Inbound [exec] M2 (CISA AA21-259A) (web_server.rules)
2034008 - ET WEB_SERVER Possible WebShell Access Inbound [exec] M3 (CISA AA21-259A) (web_server.rules)
2034010 - ET WEB_SERVER Possible WebShell Access Inbound [upload] M2 (CISA AA21-259A) (web_server.rules)
2034011 - ET WEB_SERVER Possible WebShell Access Inbound [upload] M3 (CISA AA21-259A) (web_server.rules)
2828212 - ETPRO TROJAN AgentTesla Communicating with CnC Server (trojan.rules)
