[***] Summary: [***]
14 new OPEN, 18 new PRO (14 + 4). Multiple TA453/APT35, Emotet,
Cobalt Strike, Zloader, DCRAT and Various PHISH.
Thanks @_CPResearch_ and @sysopfb
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034882 - ET TROJAN Win32/Emotet HTML Template Response (trojan.rules)
2034883 - ET TROJAN TA453 ClumsyCover Maldoc Activity (GET) (trojan.rules)
2034884 - ET TROJAN TA453 ClumsyCover Maldoc Activity (GET) (trojan.rules)
2034885 - ET EXPLOIT Qianxin Netcom NGFW Command Injection (exploit.rules)
2034886 - ET TROJAN TA453 Related CnC Domain in DNS Lookup (0standavalue0 .xyz) (trojan.rules)
2034887 - ET TROJAN TA453 Related CnC Domain in DNS Lookup (0storageatools0 .xyz) (trojan.rules)
2034888 - ET TROJAN TA453 Related CnC Domain in DNS Lookup (0brandaeyes0 .xyz) (trojan.rules)
2034889 - ET TROJAN TA453 Related Activity (POST) (trojan.rules)
2034890 - ET TROJAN TA453 Related Activity (FTP) (trojan.rules)
2034891 - ET TROJAN Cobalt Strike Related Domain in DNS Lookup (jersydok .com) (trojan.rules)
2034892 - ET TROJAN Zloader Related Download Activity (GET) (trojan.rules)
2034893 - ET CURRENT_EVENTS Generic Banking Phish Landing Page 2022-01-11 (current_events.rules)
2034894 - ET CURRENT_EVENTS Successful Generic Banking Phish 2022-01-11 (current_events.rules)
2034895 - ET CURRENT_EVENTS Successful Generic Banking Phish 2022-01-11 (current_events.rules)
Pro:
2850836 - ETPRO CURRENT_EVENTS Successful Mountain America Credit Union Phish 2022-01-11 (current_events.rules)
2850837 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish 2022-01-11 (current_events.rules)
2850838 - ETPRO TROJAN DCRAT CnC Activity (GET) (trojan.rules)
2850839 - ETPRO TROJAN DCRAT CnC Response (trojan.rules)
[///] Modified active rules: [///]
2034673 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) (exploit.rules)
2034674 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) (exploit.rules)
2034786 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (Outbound) (CVE-2021-44228) (exploit.rules)
2034805 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (Outbound) (CVE-2021-44228) (exploit.rules)
[---] Disabled and modified rules: [---]
2034857 - ET INFO RDP Authentication Bypass Attempt (info.rules)
[---] Removed rules: [---]
2850079 - ETPRO TROJAN TA453 ClumsyCover Maldoc Activity (GET) (trojan.rules)
2850290 - ETPRO TROJAN TA453 ClumsyCover Maldoc Activity (GET) (trojan.rules)