[***] Summary: [***]

11 new OPEN, 19 new PRO (11 + 8). Gamaredon APT, Bitter APT, Various
Miners and Various Phishing.

Thanks @ShadowChasing1, @RedDrip7, @akamai_research

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036993 - ET MALWARE Win32/Upgilf CnC Beacon (malware.rules)
2036994 - ET MALWARE Suspected Gamaredon APT Related Activity (GET)
(malware.rules)
2036995 - ET MALWARE Loxes/Mongall Related CnC Beacon M4 (GET) (malware.rules)
2036996 - ET MALWARE APT/Bitter CnC Exfiltration via TCP (malware.rules)
2036997 - ET COINMINER Panchan Mining Rig CnC Activity (Outbound)
(coinminer.rules)
2036998 - ET MALWARE Panchan Mining Rig CnC Activity (Inbound) (malware.rules)
2036999 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
2037000 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
2037001 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
2037002 - ET MALWARE Win32/Wacapew.C!ml Checkin (malware.rules)
2037003 - ET MALWARE Win32/Tiggre!rfn Zipped Exfil (malware.rules)

Pro:

2851780 - ETPRO PHISHING Observed Malicious SSL/TLS Certificate
(Phish Related) (phishing.rules)
2851781 - ETPRO PHISHING Observed Malicious SSL/TLS Certificate
(Phish Related) (phishing.rules)
2851782 - ETPRO PHISHING Observed Malicious SSL/TLS Certificate
(Phish Related) (phishing.rules)
2851783 - ETPRO PHISHING Observed Malicious SSL/TLS Certificate
(Phish Related) (phishing.rules)
2851784 - ETPRO INFO Observed SSL/TLS Certificate (Free SMS Service)
(info.rules)
2851785 - ETPRO INFO Observed SSL/TLS Certificate (Free SMS Service)
(info.rules)
2851786 - ETPRO INFO Observed SSL/TLS Certificate (Free SMS Service)
(info.rules)

[///] Modified active rules: [///]

2036982 - ET MALWARE Loxes/Mongall Related CnC Beacon M3 (GET) (malware.rules)

[---] Disabled and modified rules: [---]

2806214 - ETPRO EXPLOIT MongoDB nativeHelper.apply Remote Code
Execution (CVE-2013-1892) (exploit.rules)
2806234 - ETPRO WEB_CLIENT Windows Live Essentials Insecure URI
Handler (CVE-2013-0096) (web_client.rules)
2806485 - ETPRO WEB_CLIENT Internet Explorer Double Free
(CVE-2013-3118) (web_client.rules)
2806489 - ETPRO WEB_CLIENT Internet Explorer onscroll
(CVE-2013-3123) (web_client.rules)
2806625 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 1 (CVE-2013-3115) (web_client.rules)
2806626 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 2 (CVE-2013-3115) (web_client.rules)
2806629 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 5 (CVE-2013-3115) (web_client.rules)
2806630 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 6 (CVE-2013-3115) (web_client.rules)
2806631 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 1 (CVE-2013-3143) (web_client.rules)
2806632 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 2 (CVE-2013-3143) (web_client.rules)
2806633 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free (CVE-2013-1346) (web_client.rules)
2806636 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 1 (CVE-2013-1348) (web_client.rules)
2806638 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 1 (CVE-2013-3150) (web_client.rules)
2806639 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 2 (CVE-2013-3150) (web_client.rules)
2806640 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free 1 (CVE-2013-3152) (web_client.rules)
2806644 - ETPRO WEB_CLIENT Microsoft Internet Explorer
Use-After-Free (CVE-2013-3153) (web_client.rules)

[---] Removed rules: [---]

2017006 - ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit
plugin-detect script access (exploit.rules)
2820073 - ETPRO MALWARE Win32/Upgilf CnC Beacon (malware.rules)
