[***] Summary: [***]
23 new OPEN, 30 new PRO (23 + 7). CVE-2022-1162, CVE-2022-26210,
CVE-2022-26186, CVE-2022-25075, FIN7 JSSLoader, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2035744 - ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26210) (exploit.rules)
2035745 - ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26186) (exploit.rules)
2035746 - ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-25075) (exploit.rules)
2035747 - ET EXPLOIT D-Link - RCE Attempt Inbound (CVE-2021-45382) (exploit.rules)
2035748 - ET MALWARE ELF/Mirai Variant UA Inbound (b3astmode) (malware.rules)
2035749 - ET MALWARE ELF/Mirai Variant UA Outbound (b3astmode) (malware.rules)
2035750 - ET EXPLOIT Gitlab Login Attempt with hard-coded password (CVE-2022-1162) (exploit.rules)
2035751 - ET EXPLOIT Gitlab Login Attempt with hard-coded password (CVE-2022-1162) (exploit.rules)
2035752 - ET MALWARE Win32/Agent.USB Variant CnC Activity (malware.rules)
2035753 - ET MALWARE MSIL/Unk.CoinMiner Downloader (malware.rules)
2035754 - ET MALWARE SSL/TLS Certificate Observed (FIN7 JSSLoader) (malware.rules)
2035755 - ET MALWARE SSL/TLS Certificate Observed (FIN7 JSSLoader) (malware.rules)
2035756 - ET MALWARE SSL/TLS Certificate Observed (FIN7 JSSLoader) (malware.rules)
2035757 - ET INFO Proxy Domain in DNS Lookup (proxynet .io) (info.rules)
2035758 - ET INFO Observed Proxy Domain (proxynet .io in TLS SNI) (info.rules)
2035759 - ET PHISHING Generic Credential Phish Landing Page M1 2022-04-05 (phishing.rules)
2035760 - ET PHISHING Generic Credential Phish Landing Page M2 2022-04-05 (phishing.rules)
2035761 - ET PHISHING Generic Credential Phish Landing Page M3 2022-04-05 (phishing.rules)
2035762 - ET INFO Splashtop Domain in DNS Lookup (splashtop .com) (info.rules)
2035763 - ET INFO Splashtop Domain (splashtop .com) in TLS SNI (info.rules)
2035764 - ET INFO Splashtop Domain in DNS Lookup (splashtop .eu) (info.rules)
2035765 - ET INFO Splashtop Domain (splashtop .eu) in TLS SNI (info.rules)
2035766 - ET MALWARE Suspected Lazarus APT Related Backdoor Activity (POST) M2 (malware.rules)
[///] Modified active rules: [///]
2035692 - ET MALWARE Suspected Lazarus APT Related Backdoor Activity (POST) M1 (malware.rules)
2836590 - ETPRO ADWARE_PUP Win32/Adware.VrBrothers.AF Variant PUP Activity (adware_pup.rules)
2850600 - ETPRO MALWARE Win32/TrojanDownloader.Agent.FTV Variant Server Response (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | Proofpoint Inc | Emerging Threats Team