[***] Summary: [***]

19 new OPEN, 19 new PRO (19 + 0). Subterranean Crimson Rat, TinyNuke, Various Phish and CVEs

Thanks @james_inthe_box, @unit42

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.

It's FREE SIG FRIDAY! Today, all our signatures are released in the OPEN free community ruleset.

[+++] Added rules: [+++]

Open:

2035069 - ET TROJAN Subterranean Crimson Rat - GetInfo Command (trojan.rules)

2035070 - ET TROJAN Subterranean Crimson Rat - AssignID Command (trojan.rules)

2035071 - ET TROJAN Subterranean Crimson Rat - FileManager List Command (trojan.rules)

2035072 - ET TROJAN Subterranean Crimson Rat - FileManager pwd Command (trojan.rules)

2035073 - ET TROJAN Subterranean Crimson Rat - GetClientLog Command (trojan.rules)

2035074 - ET TROJAN Subterranean Crimson Rat - Client Traffic (trojan.rules)

2035094 - ET TROJAN TinyNuke VNC Checkin M2 (trojan.rules)

2035095 - ET TROJAN TinyNuke VNC Checkin M3 (trojan.rules)

2035096 - ET TROJAN Suspected Win32/Hancitor Checkin (trojan.rules)

2035097 - ET MALWARE Win32/GameHack.ADW CnC Activity (malware.rules)

2035098 - ET TROJAN Win32/Trojan.Agent.FSTT CnC Activity (trojan.rules)

2035099 - ET TROJAN Win32/Pteranodon CnC Exfil (POST) (trojan.rules)

2035100 - ET CURRENT_EVENTS Generic Landing Page 2022-02-04 (current_events.rules)

2035101 - ET CURRENT_EVENTS Generic Phish 2022-02-04 (current_events.rules)

2035102 - ET EXPLOIT VMware SD-WAN Orchestrator Authentication Bypass (CVE-2020-4001) (exploit.rules)

2035103 - ET EXPLOIT VMware SD-WAN Orchestrator Path Traversal (CVE-2020-4000) (exploit.rules)

2035104 - ET EXPLOIT VMware SD-WAN Orchestrator SQL Injection (CVE-2020-3984) (exploit.rules)

2035105 - ET EXPLOIT Cisco Security Manager Path Traversal - athena (CVE-2020-27130) (exploit.rules)

2035106 - ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130) (exploit.rules)

[///] Modified active rules: [///]

2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)

2033163 - ET TROJAN Win32/Vidar Variant/Mars Stealer CnC Exfil (trojan.rules)

2034279 - ET EXPLOIT Citrix App Delivery Controller and Citrix Gateway M1 (CVE-2019-19781) (exploit.rules)

[---] Removed rules: [---]

2035069 - ET MALWARE Subterranean Crimson Rat - GetInfo Command (malware.rules)

2035070 - ET MALWARE Subterranean Crimson Rat - AssignID Command (malware.rules)

2035071 - ET MALWARE Subterranean Crimson Rat - FileManager List Command (malware.rules)

2035072 - ET MALWARE Subterranean Crimson Rat - FileManager pwd Command (malware.rules)

2035073 - ET MALWARE Subterranean Crimson Rat - GetClientLog Command (malware.rules)

2035074 - ET MALWARE Subterranean Crimson Rat - Client Traffic (malware.rules)
