[***] Summary: [***]
7 new OPEN, 12 new PRO (7 + 5). GrandaMisha, Lazarus DNS sigs, Nagios XI Command Injection attempts, and Remcos.
Thanks @benkow_, @h2jazi, and @ShadowChasing1
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034987 - ET POLICY Suspicious File Sharing Domain in DNS Lookup (drive .cloudplus .one) (policy.rules)
2034988 - ET TROJAN Win32/GrandaMisha Sending System Information (POST) (trojan.rules)
2034989 - ET TROJAN Lazarus APT Related Domain in DNS Lookup (yourblogcenter .com) (trojan.rules)
2034990 - ET TROJAN Lazarus APT Related Domain in DNS Lookup (allinfostudio .com) (trojan.rules)
2034991 - ET TROJAN Lazarus APT Related Domain in DNS Lookup (docusign .agency) (trojan.rules)
2034992 - ET EXPLOIT Nagios XI OS Command Injection (CVE-2021-25296) (exploit.rules)
2034993 - ET EXPLOIT Nagios XI OS Command Injection (CVE-2021-25297 & CVE-2021-25298) (exploit.rules)
Pro:
2850950 - ETPRO TROJAN Win32/Remcos RAT Checkin 768 (trojan.rules)
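The three Lazarus DNS signatures above (2034989-2034991) are each keyed on one domain. A quick retrospective sweep of existing DNS logs for the same indicators is often the first thing an analyst does after a ruleset update lands. The following is an added example, not an Emerging Threats rule or tooling: it refangs the defanged domains exactly as written in the rule names, then matches them (including subdomains, but not look-alikes such as docusign.com) against Suricata EVE JSON dns query records. The EVE lines embedded below are constructed for the example and are not real traffic.

```python
"""Sweep Suricata EVE JSON dns events for the Lazarus domains in SIDs 2034989-2034991.

Added example (not ET code). Field names follow Suricata's EVE dns output:
event_type == "dns", dns.type == "query", dns.rrname == queried name.
"""
import json

# Domains exactly as defanged in the rule names above (space before each dot).
LAZARUS_DEFANGED = [
    "yourblogcenter .com",
    "allinfostudio .com",
    "docusign .agency",
]


def refang(defanged: str) -> str:
    """Undo ET-style (' .') and bracket ('[.]') defanging; normalise to lower case."""
    return defanged.replace(" .", ".").replace("[.]", ".").strip().lower()


def domain_matches(query: str, ioc: str) -> bool:
    """True if query is the IOC itself or a subdomain of it.

    Requiring a leading '.' before the IOC stops 'mydocusign.agency' matching
    'docusign.agency'; comparing full labels stops 'docusign.com' matching too.
    """
    q = query.lower().rstrip(".")  # tolerate a trailing root dot
    return q == ioc or q.endswith("." + ioc)


def find_hits(eve_lines, iocs):
    """Return (timestamp, src_ip, rrname, matched_ioc) for every dns query hitting an IOC."""
    hits = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line instead of aborting the whole sweep
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if dns.get("type") != "query":  # answers are logged separately; only count queries
            continue
        rrname = dns.get("rrname", "")
        for ioc in iocs:
            if domain_matches(rrname, ioc):
                hits.append((ev.get("timestamp"), ev.get("src_ip"), rrname, ioc))
                break
    return hits


# Constructed sample EVE records (not captured traffic). Two should hit, the rest should not.
SAMPLE_EVE = """
{"timestamp":"2021-11-11T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","id":1,"rrname":"yourblogcenter.com","rrtype":"A"}}
{"timestamp":"2021-11-11T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"answer","id":1,"rrname":"yourblogcenter.com","rrtype":"A","rdata":"192.0.2.10"}}
{"timestamp":"2021-11-11T10:00:03.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","dns":{"type":"query","id":2,"rrname":"docusign.com","rrtype":"A"}}
{"timestamp":"2021-11-11T10:00:04.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","dns":{"type":"query","id":3,"rrname":"cdn.docusign.agency.","rrtype":"A"}}
{"timestamp":"2021-11-11T10:00:05.000000+0000","event_type":"dns","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dns":{"type":"query","id":4,"rrname":"mydocusign.agency","rrtype":"A"}}
{"timestamp":"2021-11-11T10:00:06.000000+0000","event_type":"http","src_ip":"10.0.0.9","dest_ip":"192.0.2.20","http":{"hostname":"allinfostudio.com"}}
this line is deliberately not JSON
"""


def sweep():
    """Run the sweep over the constructed sample and return the hit list."""
    iocs = [refang(d) for d in LAZARUS_DEFANGED]
    return find_hits(SAMPLE_EVE.splitlines(), iocs)


if __name__ == "__main__":
    for ts, src, name, ioc in sweep():
        print(f"{ts} {src} queried {name} (matches {ioc})")
```

Note that the http record for allinfostudio.com is ignored on purpose: the signatures above fire on DNS lookups, so the sweep stays scoped to dns query events; extending it to http hostnames or tls SNI is a separate hunt.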
[///] Modified active rules: [///]
2032096 - ET INFO Possible Phishing Landing via MoonFruit.com (set) (info.rules)
2849378 - ETPRO TROJAN Suspected DonotGroup Pult Downloader Activity M2 (trojan.rules)