[***] Summary: [***]
4 new OPEN, 7 new PRO (4 + 3). Win32/Borr, CVE-2022-30525, PennyWise, Others.
Thanks @rapid7, @3xp0rtblog, @james_inthe_box
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036594 - ET JA3 Hash - Remcos 3.x TLS Connection (ja3.rules)
2036595 - ET MALWARE Win32/Borr Stealer Variant Sending System Information (malware.rules)
2036596 - ET EXPLOIT [Rapid7] Zyxel ZTP setWanPortSt mtu Parameter Exploit Attempt (CVE 2022-30525) (exploit.rules)
2036597 - ET MALWARE PennyWise Stealer Data Exfiltration (malware.rules)
Pro:
2851655 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-13 1) (coinminer.rules)
2851656 - ETPRO MALWARE Win32/Remcos RAT Checkin 792 (malware.rules)
2851657 - ETPRO MALWARE Win32/Remcos RAT Checkin 793 (malware.rules)
[///] Modified active rules: [///]
2035564 - ET MALWARE Kimsuky APT Related Host Data Exfil M4 (malware.rules)
2836503 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Inbound (CVE-2018-20062) (exploit.rules)
2836504 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Outbound (CVE-2018-20062) (exploit.rules)
2844069 - ETPRO PHISHING Possible Successful Facebook/Instagram Phish 2020-08-18 (phishing.rules)
[---] Removed rules: [---]
2848231 - ETPRO JA3 Hash - Suspected Remcos 3.x TLS Connection (ja3.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team