[***] Summary: [***]

11 new OPEN, 17 new PRO (11 + 6) Backdoor.Ratenjay, NGINX
Reference LDAP Query Injection Attack, Colibri,
Win32/TrojanDownloader.Agent.GEM.

Thanks @avast, @malwarebytes, @h2jazi, @0xrb

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035892 - ET INFO NetSupport Remote Admin Checkin (info.rules)
2035893 - ET MALWARE Possible Ursnif/Gamaredon Related VNC Module
CnC Beacon (malware.rules)
2035894 - ET MALWARE Backdoor.Ratenjay POST with System Information
(malware.rules)
2035895 - ET INFO NetSupport Remote Admin Response (info.rules)
2035896 - ET MALWARE Observed SocGholish Domain in TLS SNI (malware.rules)
2035897 - ET EXPLOIT Possible NGINX Reference LDAP Query Injection
Attack (exploit.rules)
2035898 - ET MALWARE Snatch Ransomware Checkin (POST) (malware.rules)
2035899 - ET MALWARE Colibri Loader Domain in DNS Lookup
(securetunnel .co) (malware.rules)
2035900 - ET MALWARE Win32/Farfli.CUY Downloader (malware.rules)
2035901 - ET MALWARE Win32/TrojanDownloader.Agent.GEM Maldoc Remote
Template Request M1 (malware.rules)
2035902 - ET MALWARE Win32/TrojanDownloader.Agent.GEM Maldoc Remote
Template Request M2 (malware.rules)

Pro:

2851425 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 1) (coinminer.rules)
2851426 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 2) (coinminer.rules)
2851427 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 3) (coinminer.rules)
2851428 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 4) (coinminer.rules)
2851429 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 5) (coinminer.rules)
2851430 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-04-12 6) (coinminer.rules)

[///] Modified active rules: [///]

2035604 - ET MALWARE Observed DNS Query to
Win32/TrojanDownloader.Agent.GEM Domain (malware.rules)
2810291 - ETPRO MALWARE NanoCore RAT Keepalive Response 2 (malware.rules)
2851336 - ETPRO MALWARE Win32/TrojanDownloader.Agent.GEM Maldoc
Payload Request (malware.rule
