[***] Summary: [***]
8 new OPEN, 20 new PRO (8 + 12). Various CVE, Remcos, BitRAT and Android Trojan-Spy.AndroidOS.SmsThief.sf.
Thanks @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2022642 - ET INFO DNS Query to a *.ngrok domain (ngrok.io) (info.rules)
2036727 - ET EXPLOIT WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion (exploit.rules)
2036728 - ET USER_AGENTS PHP Code in User-Agent (Inbound) - Possible Command Injections (user_agents.rules)
2036729 - ET EXPLOIT DBltek GoIP GoIP-1 GSM Gateway - Local File Inclusion (exploit.rules)
2036730 - ET EXPLOIT Local File Inclusion with Shell Execution via proc/self/environ (exploit.rules)
2036731 - ET EXPLOIT Adobe ColdFusion 11 - LDAP Java Object Deserialization RCE (GET) CVE-2018-15957 (exploit.rules)
2036732 - ET EXPLOIT Adobe ColdFusion 11 - LDAP Java Object Deserialization RCE (POST) CVE-2018-15957 (exploit.rules)
2036733 - ET MALWARE Nim Based Downloader Activity (GET) (malware.rules)
Pro:
2851720 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sf CnC Domain in DNS Lookup (mobile_malware.rules)
2851721 - ETPRO MOBILE_MALWARE Android.Trojan.Banker.ZX Checkin (mobile_malware.rules)
2851722 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.sm CnC Domain in DNS Lookup (mobile_malware.rules)
2851723 - ETPRO EXPLOIT Possible Chromium v8 0-day Inbound - 2022-05-31 (exploit.rules)
2851724 - ETPRO MALWARE Win32/Remcos RAT Checkin 795 (malware.rules)
2851725 - ETPRO MALWARE Win32/Remcos RAT Checkin 796 (malware.rules)
2851726 - ETPRO MALWARE Win32/Remcos RAT Checkin 797 (malware.rules)
2851727 - ETPRO MALWARE Win32/Remcos RAT Checkin 798 (malware.rules)
2851728 - ETPRO ATTACK_RESPONSE Invoke-Obfuscation Concatenate String (DownloadString) (attack_response.rules)
2851729 - ETPRO JA3 Hash - Possible Malware - BitRAT (ja3.rules)
2851730 - ETPRO MALWARE Observed Malicious SSL Cert (BitRAT CnC) (malware.rules)
2851731 - ETPRO PHISHING DNS Query to Phishing Domain (inspiring-moser 172-93-188-73 .plesk .page) (phishing.rules)
[///] Modified active rules: [///]
2036726 - ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) (exploit.rules)
2843932 - ETPRO PHISHING Possible Successful Appspot Hosted Generic Phish 2020-08-10 (phishing.rules)
2845590 - ETPRO MALWARE Observed Possible Malicious SSL Cert (AsyncRAT) (malware.rules)
[---] Removed rules: [---]
2022642 - ET POLICY DNS Query to a *.ngrok domain (ngrok.io) (policy.rules)