[***] Summary: [***]
13 new OPEN, 20 new PRO (13 + 7). CVE-2018-20062, Win32/SiMay, BlueShtorm, Others.
Thanks @GlobalNTT, @CrowdStrike, @StuDontPlay, @3xp0rtblog, @travisbgreen
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036598 - ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Inbound (CVE-2018-20062) (exploit.rules)
2036599 - ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Outbound (CVE-2018-20062) (exploit.rules)
2036600 - ET MALWARE Win32/SiMay RAT Activity (GET) (malware.rules)
2036601 - ET PHISHING Possible Cryptowallet Mining Pool Scam Landing Page (phishing.rules)
2036602 - ET MALWARE IceApple User-Agent observed (malware.rules)
2036603 - ET MALWARE Restylink Domain in DNS Lookup ( .differentfor .com) (malware.rules)
2036604 - ET MALWARE Restylink Domain in DNS Lookup ( .mbusabc .com) (malware.rules)
2036605 - ET MALWARE Restylink Domain in DNS Lookup ( .disknxt .com) (malware.rules)
2036606 - ET MALWARE Restylink Domain in DNS Lookup ( .officehoster .com) (malware.rules)
2036607 - ET MALWARE Restylink Domain in DNS Lookup ( .spffusa .org) (malware.rules)
2036608 - ET MALWARE Restylink Domain in DNS Lookup ( .sseekk .xyz) (malware.rules)
2036609 - ET MALWARE Restylink Domain in DNS Lookup ( .youmiuri .com) (malware.rules)
2036610 - ET MALWARE BlueShtorm Infostealer Data Exfiltration (malware.rules)
Pro:
2851664 - ETPRO MALWARE Win32/Remcos RAT Checkin 794 (malware.rules)
[///] Modified active rules: [///]
2849219 - ETPRO MALWARE PCShare RAT Heartbeat from CnC (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team