[***] Summary: [***]

11 new OPEN, 17 new PRO (11 + 6). CVE-2022-22954, Winnti, Miners, Others.

Thanks 0xrb, @Malwarebytes

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035874 - ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954) (exploit.rules)
2035875 - ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954) (exploit.rules)
2035876 - ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954) (exploit.rules)
2035877 - ET MALWARE Observed DNS Query to Winnti Domain (malware.rules)
2035878 - ET MALWARE Observed DNS Query to Winnti Domain (malware.rules)
2035879 - ET MALWARE Win32/Farfli.CUY CnC Server Response (malware.rules)
2035880 - ET MALWARE Win32/Farfli.CUY KeepAlive M2 (malware.rules)
2035881 - ET MALWARE Base64 Encoded Stealer Config from Server - %APPDATA% M1 (malware.rules)
2035882 - ET MALWARE Base64 Encoded Stealer Config from Server - %APPDATA% M2 (malware.rules)
2035883 - ET MALWARE Base64 Encoded Stealer Config from Server - %APPDATA% M3 (malware.rules)
2035884 - ET MALWARE Base64 Encoded Stealer Config from Server - %APPDATA% M4 (malware.rules)

Pro:

2851418 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-07 1) (coinminer.rules)
2851419 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-07 2) (coinminer.rules)
2851420 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-07 3) (coinminer.rules)
2851421 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-07 4) (coinminer.rules)
2851422 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-07 5) (coinminer.rules)
2851423 - ETPRO MALWARE Trojan.Win32.Scar.DSUU CnC Exfil (malware.rules)

[///] Modified active rules: [///]

2018244 - ET MALWARE Havex RAT CnC Server Response HTML Tag (malware.rules)
2035632 - ET MALWARE Win32/Farfli.CUY KeepAlive M1 (malware.rules)
2809527 - ETPRO MALWARE Infostealer.Gamania Checkin (malware.rules)
2851417 - ETPRO PHISHING Successful Sidewinder Credential Phish 2022-04-07 (phishing.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team