[***] Summary: [***]

9 new OPEN, 21 new PRO (9 + 12). MetInfo SQL Injection, LinkedIn Phish, CoinMiners

Thanks @ViriBack

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.

[+++] Added rules: [+++]

Open:

2035015 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (trojan.rules)

2035016 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2 (trojan.rules)

2035017 - ET TROJAN Win32.SpyEyes.bllw CnC Exfil (trojan.rules)

2035018 - ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-17418) (exploit.rules)

2035019 - ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-16997) (exploit.rules)

2035020 - ET POLICY 3proxy Domain Domain in DNS Lookup (3proxy .ru) (policy.rules)

2035021 - ET POLICY 3proxy Domain Domain in DNS Lookup (3proxy .org) (policy.rules)

2035022 - ET CURRENT_EVENTS LinkedIn Phish Landing Page 2022-01-31 (current_events.rules)

2035023 - ET INFO URL Shortener Service Domain in DNS Lookup (yourls .org) (info.rules)

Pro:

2850963 - ETPRO INFO Active Directory IdP SSO Signin Request (info.rules)

2850964 - ETPRO USER_AGENTS Suspicious User-Agent (UA3) (user_agents.rules)

2850965 - ETPRO USER_AGENTS Suspicious User-Agent (UA4) (user_agents.rules)

2850967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 1) (trojan.rules)

2850968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 2) (trojan.rules)

2850969 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 3) (trojan.rules)

2850970 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 4) (trojan.rules)

2850971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 5) (trojan.rules)

2850972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 6) (trojan.rules)

2850973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 7) (trojan.rules)

2850974 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 8) (trojan.rules)

2850975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 9) (trojan.rules)

[---] Removed rules: [---]

2843854 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (trojan.rules)

2843956 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2 (trojan.rules)

2848327 - ETPRO TROJAN Win32.SpyEyes.bllw CnC Exfil (trojan.rules)
