[***] Summary: [***]
11 new OPEN, 22 new PRO (11 + 11). Multiple Exploit, TellYouThePass
Ransomware, Multiple Trojan-Spy.AndroidOS.Realrat, njRAT and Various
Phishing.
Thanks @CrowdStrike and @s1ckb017
There are a lot of modified signatures today as metadata updates
were made to a number of mobile rules.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034896 - ET EXPLOIT SonicWall SMA 100 Series - Unauthenticated File Upload Path Traversal (CVE-2021-20040) (exploit.rules)
2034897 - ET EXPLOIT SonicWall SMA 100 Series - Possible Heap-Based Overflow Activity (CVE-2021-20043) (exploit.rules)
2034898 - ET INFO External IP Lookup Domain DNS Lookup (ip .dnsexit .com) (info.rules)
2034899 - ET INFO External IP Lookup HTTP Request (ip .dnsexit .com) (info.rules)
2034900 - ET TROJAN Win32/Delf.TJJ Variant CnC Activity (trojan.rules)
2034901 - ET GAMES UnknownApps Game Cheat Service Checkin (auth .hwidspoof .me) (games.rules)
2034902 - ET GAMES UnknownApps Game Cheat Service Checkin (auth .unknownp .one) (games.rules)
2034903 - ET MALWARE Win32/DownWare.V Checkin (malware.rules)
2034904 - ET TROJAN TellYouThePass Ransomware Checkin Activity (GET) (trojan.rules)
2034905 - ET CURRENT_EVENTS Successful Adobe Phish 2022-01-12 (current_events.rules)
2034906 - ET CURRENT_EVENTS Adobe Phish Landing Page 2022-01-12 (current_events.rules)
Pro:
2850840 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (DNS Lookup) (mobile_malware.rules)
2850841 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (TLS SNI) (mobile_malware.rules)
2850842 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (DNS Lookup) 2 (mobile_malware.rules)
2850843 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (TLS SNI) 2 (mobile_malware.rules)
2850844 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (DNS Lookup) 3 (mobile_malware.rules)
2850845 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.b (TLS SNI) 3 (mobile_malware.rules)
2850846 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2850847 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2850848 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2850849 - ETPRO TROJAN Win32/Trojan.MSILZilla CnC Exfil (POST) (trojan.rules)
2850850 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2012452 - ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 2 (mobile_malware.rules)
2012455 - ET MOBILE_MALWARE Android Trojan Fake10086 checkin 2 (mobile_malware.rules)
2013072 - ET MOBILE_MALWARE Android.HongTouTou Checkin (mobile_malware.rules)
2013966 - ET MOBILE_MALWARE Android/Ozotshielder.A Checkin (mobile_malware.rules)