Daily Ruleset Update Summary 2022/02/16

Daily Ruleset Update Summary

[***] Summary: [***]

5 new OPEN, 17 new PRO (5 + 12). Kimsuky, CVE-2015-4852 T3, Coin Miners,
Others.

Thanks @ShadowChasing1, @c_APT_ure

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035204 - ET EXPLOIT Oracle Weblogic Server Deserialization RCE T3
(CVE-2015-4852) (exploit.rules)
2035205 - ET MALWARE Win32/2144FlashPlayer.E Checkin (malware.rules)
2035206 - ET TROJAN Kimsuky APT Related Activity (GET) (trojan.rules)
2035207 - ET TROJAN MSIL/GenKryptik.FQRH Download Request (trojan.rules)
2035208 - ET INFO Namecheap URL Forward (info.rules)

Pro:

2851117 - ETPRO ATTACK_RESPONSE Suspicious PowerShell File Inbound -
Win32_Processor Queries (attack_response.rules)
2851118 - ETPRO ATTACK_RESPONSE Suspicious PowerShell File Inbound -
ExecutionPolicy Bypass (attack_response.rules)
2851119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 1) (trojan.rules)
2851120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 2) (trojan.rules)
2851121 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 3) (trojan.rules)
2851122 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 4) (trojan.rules)
2851123 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 5) (trojan.rules)
2851124 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 6) (trojan.rules)
2851125 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 7) (trojan.rules)
2851126 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-16 8) (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:

Wednesday, February 16, 2022

Summary title:

5 new OPEN, 17 new PRO (5 + 12). Kimsuky, CVE-2015-4852 T3, Coin Miners, Others.