[***] Summary: [***]
15 new OPEN, 17 new PRO (15 + 2). Telesquare CVE-2021-46422, SolarView CVE-2022-29303, CouchDB CVE-2022-24706, Vidar, ArtraDownloader, and TWISTEDPANDA DNS and TLS sigs.
Thanks @CheckpointSW, @momika233, and @X__junior
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036649 - ET EXPLOIT SolarView Compact Command Injection Inbound (CVE-2022-29303) (exploit.rules)
2036650 - ET EXPLOIT Default Apache CouchDB Erlang Cookie Observed (CVE-2022-24706) (exploit.rules)
2036651 - ET INFO External Host Querying Erlang Port Mapper Daemon (info.rules)
2036652 - ET MALWARE Win32/ArtraDownloader CnC Activity (GET) (malware.rules)
2036653 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (malware.rules)
2036654 - ET MALWARE Win32/Vidar Variant/Mars Stealer Resources Download (malware.rules)
2036655 - ET MALWARE TWISTEDPANDA CnC Domain in DNS Lookup (img .elliotterusties .com) (malware.rules)
2036656 - ET MALWARE TWISTEDPANDA CnC Domain in DNS Lookup (www .miniboxmail .com) (malware.rules)
2036657 - ET MALWARE TWISTEDPANDA CnC Domain in DNS Lookup (www .microtreely .com) (malware.rules)
2036658 - ET MALWARE TWISTEDPANDA CnC Domain in DNS Lookup (www .minzdravros .com) (malware.rules)
2036659 - ET MALWARE Observed TWISTEDPANDA Domain in TLS SNI (www .miniboxmail .com) (malware.rules)
2036660 - ET MALWARE Observed TWISTEDPANDA Domain in TLS SNI (www .microtreely .com) (malware.rules)
2036661 - ET MALWARE Observed TWISTEDPANDA Domain in TLS SNI (www .minzdravros .com) (malware.rules)
2036662 - ET MALWARE Observed TWISTEDPANDA Domain in TLS SNI (img .elliotterusties .com) (malware.rules)
2036663 - ET EXPLOIT Telesquare SDT-CW3B1 1.1.0 - OS Command Injection (CVE-2021-46422) (exploit.rules)
Pro:
2851678 - ETPRO MALWARE Win32/TrojanDropper.Agent.OQE CnC Activity (malware.rules)
2851679 - ETPRO MALWARE Win32/Fusing.CP CnC Activity (malware.rules)
[///] Modified active rules: [///]
2018635 - ET MALWARE Common Upatre Header Structure 2 (malware.rules)
2035476 - ET HUNTING PNG image exfiltration over raw TCP (hunting.rules)
[---] Removed rules: [---]
2848215 - ETPRO MALWARE Win32/ArtraDownloader CnC Activity (GET) (malware.rules)