[***] Summary: [***]
21 new OPEN, 25 new PRO (21 + 4). My2022/Beijing2022 App, Apache Spark CVE-2020-9480, Gamaredon Maldoc, Struts CVE-2020-17530, Cisco IOS XE CVE-2019-12643, JNDI Injection CVE-2020-14841, MuddyWater and VARIOUS PHISHING.
Thanks @500mk500
A large number of MOBILE_MALWARE signatures were modified to fix a casing issue with the MITRE ATT&CK tags.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034994 - ET POLICY My2022/Beijing2022 App (DNS Lookup) 1 (policy.rules)
2034995 - ET POLICY My2022/Beijing2022 App (TLS SNI) 1 (policy.rules)
2034996 - ET POLICY My2022/Beijing2022 App (DNS Lookup) 2 (policy.rules)
2034997 - ET POLICY My2022/Beijing2022 App (TLS SNI) 2 (policy.rules)
2034998 - ET POLICY My2022/Beijing2022 App (DNS Lookup) 3 (policy.rules)
2034999 - ET POLICY My2022/Beijing2022 App (TLS SNI) 3 (policy.rules)
2035000 - ET TROJAN PowerShell Script Downloading Emotet DLL (trojan.rules)
2035001 - ET INFO Apache Spark RPC - CheckExistence Request (set) (info.rules)
2035002 - ET INFO Apache Spark RPC - Auth Request (set) (info.rules)
2035003 - ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request (CVE-2020-9480) (exploit.rules)
2035004 - ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated RegisterApplication - Successfully Registered (CVE-2020-9480) (attack_response.rules)
2035005 - ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request - RCE Attempt (CVE-2020-9480) (exploit.rules)
2035006 - ET TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2035007 - ET TROJAN Gamaredon Related Maldoc Activity (GET) (trojan.rules)
2035008 - ET EXPLOIT Possible Apache ShardingSphere RCE Attempt (CVE-2020-1947) (PoC Based) (exploit.rules)
2035009 - ET EXPLOIT Apache Struts RCE Attempt (CVE-2020-17530) (exploit.rules)
2035010 - ET EXPLOIT Possible Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Attempt (CVE-2019-12643) (exploit.rules)
2035011 - ET EXPLOIT Cisco REST API Container for Cisco IOS XE Software Authentication Bypass - Successful Exploit (CVE-2019-12643) (exploit.rules)
2035012 - ET EXPLOIT Cisco REST API Container for Cisco IOS XE Software Authentication Bypass - Token Usage (CVE-2019-12643) (exploit.rules)
2035013 - ET EXPLOIT Oracle WebLogic IIOP JNDI Injection (CVE-2020-14841) (exploit.rules)
2035014 - ET EXPLOIT Sangoma Asterisk Originate AMI RCE (CVE-2019-18610) (PoC Based) (exploit.rules)
Pro:
2850959 - ETPRO INFO Suspected Office Template Retrieved (dotm) (info.rules)
2850960 - ETPRO TROJAN MuddyWater APT Related Maldoc Activity (POST) (trojan.rules)
2850961 - ETPRO CURRENT_EVENTS Successful Generic Phish 2022-01-28 (current_events.rules)
2850962 - ETPRO CURRENT_EVENTS Successful Generic Phish 2022-01-28 (current_events.rules)
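Teams that track these daily summaries often want the "Added rules" list as structured data (SID, ET/ETPRO, category, rules file, referenced CVEs) so that attempt/success pairs such as 2035003/2035004 can be correlated and the right .rules files re-downloaded. The following is an added example parser, not part of the Emerging Threats summary or tooling; it handles the mail's wrapped continuation lines, and the SAMPLE text it runs over is constructed for the example in the same layout as the list above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the wrapped plain-text layout of an ET daily
# update mail (made up for this example, not copied from a real message).
SAMPLE = """\
[+++] Added rules: [+++]
Open:
2034994 - ET POLICY My2022/Beijing2022 App (DNS Lookup) 1 (policy.rules)
2035003 - ET EXPLOIT Apache Spark RPC - Unauthenticated
RegisterApplication Request (CVE-2020-9480) (exploit.rules)
2035004 - ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated
RegisterApplication - Successfully Registered (CVE-2020-9480)
(attack_response.rules)
Pro:
2850960 - ETPRO TROJAN MuddyWater APT Related Maldoc Activity (POST)
(trojan.rules)
"""

SID_LINE = re.compile(r"^(\d{7,})\s+-\s+(.*)$")
ENTRY_RE = re.compile(r"^(ET|ETPRO)\s+([A-Z_]+)\s+(.*?)\s*\(([a-z_]+\.rules)\)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class RuleEntry:
    sid: int
    ruleset: str      # "ET" for open rules, "ETPRO" for pro rules
    category: str     # e.g. EXPLOIT, POLICY, ATTACK_RESPONSE
    message: str      # rule msg with the leading ruleset/category stripped
    rules_file: str   # e.g. exploit.rules
    section: str      # "Open" or "Pro" heading the entry was listed under
    cves: list = field(default_factory=list)


def _unwrap(text):
    """Yield (section, sid, body) with wrapped continuation lines re-joined."""
    section, sid, parts = "", None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # "[+++] ... [+++]" headers
            if sid is not None:
                yield section, sid, " ".join(parts)
            section, sid, parts = "", None, []
            continue
        if line in ("Open:", "Pro:"):
            if sid is not None:
                yield section, sid, " ".join(parts)
            section, sid, parts = line[:-1], None, []
            continue
        m = SID_LINE.match(line)
        if m:
            if sid is not None:
                yield section, sid, " ".join(parts)
            sid, parts = int(m.group(1)), [m.group(2)]
        elif sid is not None:
            parts.append(line)     # continuation of a wrapped entry
    if sid is not None:
        yield section, sid, " ".join(parts)


def parse_update(text):
    """Parse the 'Added rules' list of a summary into RuleEntry records."""
    entries = []
    for section, sid, body in _unwrap(text):
        m = ENTRY_RE.match(body)
        if not m:
            raise ValueError(f"unrecognised entry for SID {sid}: {body!r}")
        ruleset, category, message, rules_file = m.groups()
        entries.append(RuleEntry(sid, ruleset, category, message, rules_file,
                                 section, CVE_RE.findall(message)))
    return entries


def by_cve(entries):
    """Map each CVE to the SIDs referencing it, so attempt/success pairs stay together."""
    out = {}
    for e in entries:
        for cve in e.cves:
            out.setdefault(cve, []).append(e.sid)
    return out


def check_consistency(entries):
    """Flag entries whose ET/ETPRO prefix disagrees with the section, and duplicate SIDs."""
    problems = []
    expected = {"Open": "ET", "Pro": "ETPRO"}
    seen = set()
    for e in entries:
        if expected.get(e.section) != e.ruleset:
            problems.append(f"{e.sid}: {e.ruleset} listed under {e.section!r}")
        if e.sid in seen:
            problems.append(f"{e.sid}: duplicate SID")
        seen.add(e.sid)
    return problems


if __name__ == "__main__":
    entries = parse_update(SAMPLE)
    for e in entries:
        print(e.sid, e.ruleset, e.category, e.rules_file, e.cves)
    print(by_cve(entries), check_consistency(entries))
```

The unwrap step treats any line that does not start with a SID as a continuation of the previous entry, which is exactly how the mail wraps long rule names; the consistency check catches an entry pasted under the wrong heading before its SID is fed into a rule-management workflow.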