[***] Summary: [***]
24 new OPEN, 31 new PRO (24 + 7). More log4j, SideCopy, Kimsuky and Miners.
Thanks @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
Please welcome to the ET Open community the Cobalt Strike C2 block rules generated from the wonderful research by the http://Threatview.io team (@Malwar3Ninja)! https://rules.emergingthreatspro.com/blockrules/threatview_CS_c2
[+++] Added rules: [+++]
Open:
2034675 - ET TROJAN Ransomware.Hidden-Tear Variant CnC Checkin (trojan.rules)
2034676 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/13 Obfuscation Observed (CVE-2021-44228) (exploit.rules)
2034677 - ET EXPLOIT TP-Link TL-WR840N EU v5 RCE Attempt (CVE-2021-41653) (exploit.rules)
2034678 - ET TROJAN Win32/Gasti.tm Checkin Activity (trojan.rules)
2034679 - ET TROJAN Maldoc Retrieving Remote Template (GET) (trojan.rules)
2034680 - ET TROJAN SideCopy APT Related Activity (GET) (trojan.rules)
2034681 - ET POLICY File Sharing Site in DNS Lookup (satoshidisk .com) (policy.rules)
2034682 - ET TROJAN Kimsuky Related Domain in DNS Lookup (trojan.rules)
2034683 - ET TROJAN Linux/Tsunami Downloader (trojan.rules)
2034684 - ET TROJAN Linux/Tsunami Remote Shell M1 (trojan.rules)
2034685 - ET TROJAN Linux/Tsunami Downloader (trojan.rules)
2034686 - ET TROJAN Linux/Tsunami Remote Shell M2 (trojan.rules)
2034687 - ET TROJAN Kimsuky Related Domain in DNS Lookup (trojan.rules)
2034688 - ET TROJAN Kimsuky Related Domain in DNS Lookup (trojan.rules)
2034689 - ET TROJAN Kimsuky Related Domain in DNS Lookup (trojan.rules)
2034690 - ET TROJAN Kimsuky Related FTP File Download (trojan.rules)
2034691 - ET TROJAN Kimsuky Related CnC Activity (trojan.rules)
2034692 - ET TROJAN Kimsuky Related CnC Activity (trojan.rules)
2034693 - ET TROJAN Kimsuky Related Malicious VBScript Inbound M3 (trojan.rules)
2034694 - ET TROJAN Kimsuky Related Malicious VBScript Inbound M4 (trojan.rules)
2034695 - ET INFO Possible Kimsuky Related Malicious VBScript Inbound (info.rules)
2034696 - ET TROJAN Kimsuky Related CnC Activity (trojan.rules)
2034697 - ET TROJAN Possible Kimsuky Related Malicious VBScript (trojan.rules)
2034698 - ET TROJAN Kimsuky Related CnC Activity (trojan.rules)
Pro:
2850673 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 2) (trojan.rules)
2850674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 3) (trojan.rules)
2850675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 4) (trojan.rules)
2850676 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 5) (trojan.rules)
2850677 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 6) (trojan.rules)
2850678 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 7) (trojan.rules)
2850679 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-10 8) (trojan.rules)
[///] Modified active rules: [///]
2023611 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107 (trojan.rules)
2023672 - ET TROJAN JS/WSF Downloader Dec 08 2016 M4 (trojan.rules)
[---] Disabled rules: [---]
2034671 - ET EXPLOIT Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M1 (CVE-2021-44228) (exploit.rules)
2034672 - ET EXPLOIT Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M1 (CVE-2021-44228) (exploit.rules)
[---] Removed rules: [---]
2816788 - ETPRO TROJAN Ransomware.Hidden-Tear Variant CnC Checkin (trojan.rules)