[***] Summary: [***]
12 new OPEN, 18 new PRO (12 + 6). Various CVEs, Ave Maria/Warzone
RAT, Win32/Pandorahvnc RAT and various phishing.
Thanks @FortiGuardLabs and @twinwavesec
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036734 - ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (malware.rules)
2036735 - ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) (malware.rules)
2036736 - ET EXPLOIT Scriptcase 9.7 Arbitrary File Upload Attempt (exploit.rules)
2036737 - ET EXPLOIT Zyxel NWA-1100-NH Command Injection Attempt (CVE-2021-4039) (exploit.rules)
2036738 - ET EXPLOIT Kramer VIAware Remote Code Execution (CVE-2021-35064 CVE-2021-36356) (exploit.rules)
2036739 - ET EXPLOIT WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion (exploit.rules)
2036740 - ET EXPLOIT Archeevo 5.0 - Local File Inclusion (exploit.rules)
2036741 - ET MALWARE Win32/Pandorahvnc RAT Checkin Activity (malware.rules)
2036742 - ET PHISHING Facebook Credential Phish Landing Page M1 2022-06-01 (phishing.rules)
2036743 - ET PHISHING Successful Generic Credential Phish 2022-06-01 (phishing.rules)
2036744 - ET HUNTING [TW] Uri Contains Likely Urlpages Web Hosting Technique (hunting.rules)
2036745 - ET HUNTING [TW] Page Contains Redirect to Likely Urlpages Web Hosting Technique (hunting.rules)
Pro:
2851732 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-31 1) (coinminer.rules)
2851733 - ETPRO MALWARE Win32/Remcos RAT Checkin 799 (malware.rules)
2851734 - ETPRO ATTACK_RESPONSE PowerShell Uint16 Encoding Obfuscation Inbound (attack_response.rules)
2851735 - ETPRO MALWARE Njrat Payload Request (PE.txt) (malware.rules)
2851736 - ETPRO INFO Observed DNS Query to Pastebin-style Service (www .kpaste .net) (info.rules)
2851737 - ETPRO INFO Observed Pastebin-style Service (www .kpaste .net) in TLS SNI (info.rules)
[///] Modified active rules: [///]
2035695 - ET MALWARE MSIL/Unk.CoinMiner Downloader (malware.rules)
2035753 - ET MALWARE MSIL/Unk.CoinMiner Downloader (malware.rules)
2036729 - ET EXPLOIT DBltek GoIP GoIP-1 GSM Gateway - Local File Inclusion (exploit.rules)
2851132 - ETPRO MALWARE Win32/Njrat Payload Request (DLL.txt) (malware.rules)
[---] Removed rules: [---]
2036728 - ET USER_AGENTS PHP Code in User-Agent (Inbound) - Possible Command Injections (user_agents.rules)
2834979 - ETPRO MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (malware.rules)
2841903 - ETPRO MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) (malware.rules)