Daily Ruleset Update Summary 2022/01/26

[***] Summary: [***]

10 new OPEN, 24 new PRO (10 + 14). Gh0stRAT CnC, Win32/ClipBanker,
SonicWall CVE-2021-20038 and CVE-2021-20039 sigs, Win32/GCleaner and
LinkedIn Phishing.

Thanks @3xp0rtblog

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034977 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic
(OUTBOUND) 109 (trojan.rules)
2034978 - ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
(policy.rules)
2034979 - ET INFO Powershell Request for paste .ee Page (info.rules)
2034980 - ET TROJAN Powershell with Decimal Encoded RUNPE Downloaded
(trojan.rules)
2034981 - ET POLICY File Shared via Zoom (policy.rules)
2034982 - ET TROJAN Win32/ClipBanker.OC CnC Activity M1 (trojan.rules)
2034983 - ET TROJAN Win32/ClipBanker.OC CnC Activity M2 (trojan.rules)
2034984 - ET EXPLOIT SonicWall SMA Stack-Based Buffer Overflow
CVE-2021-20038 M1 (exploit.rules)
2034985 - ET EXPLOIT SonicWall SMA Stack-Based Buffer Overflow
CVE-2021-20038 M2 (exploit.rules)
2034986 - ET EXPLOIT SonicWall SMA Authenticated Command Injection
Attempt CVE-2021-20039 (exploit.rules)

Pro:

2850932 - ETPRO MALWARE RiskTool.AndroidOS.SMSreg Activity (GET)
(malware.rules)
2850933 - ETPRO INFO Double Extension VBS Download from Google Drive
(info.rules)
2850934 - ETPRO INFO Double Extension PIF Download from Google Drive
(info.rules)
2850935 - ETPRO POLICY Attempted Download of an Infected File from
Google Drive (policy.rules)
2850936 - ETPRO INFO VBS Download from Google Drive (info.rules)
2850937 - ETPRO MALWARE Win32/PCSpeedCat Activity (GET) (malware.rules)
2850938 - ETPRO TROJAN Win32/GCleaner Downloader Activity M6 (trojan.rules)
2850939 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2022-01-26 (current_events.rules)
2850940 - ETPRO TROJAN Win32/TrojanDownloader.Agent.DSF CnC Activity
(trojan.rules)
2850941 - ETPRO TROJAN Win32/TrojanDownloader.Agent.DSF CnC Activity
(trojan.rules)
2850942 - ETPRO CURRENT_EVENTS LinkedIn Phish Landing Page
2022-01-26 (current_events.rules)
2850943 - ETPRO CURRENT_EVENTS LinkedIn Phish Landing Page
2022-01-26 (current_events.rules)
2850944 - ETPRO CURRENT_EVENTS Successful LinkedIn Phish 2022-01-26
(current_events.rules)
2850945 - ETPRO CURRENT_EVENTS Successful Generic Phish 2022-01-26
(current_events.rules)
