[***] Summary: [***]

2 new OPEN, 5 new PRO (2 + 3). Win32/GarboLowIQStealer, Win32/Blocapi,
Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037040 - ET EXPLOIT Possible Zimbra Autodiscover Servlet XXE
(CVE-2019-9670) (exploit.rules)
2037041 - ET EXPLOIT Apache Tommcat/JBoss RCE Inbound (CVE-2013-4810)
(exploit.rules)

Pro:

2851804 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-06-18 1) (coinminer.rules)
2851805 - ETPRO MALWARE Win32/Blocapi CnC Checkin via SMTP (malware.rules)
2851806 - ETPRO MALWARE Win32/GarboLowIQStealer CnC Checkin via SMTP
(malware.rules)

[///] Modified active rules: [///]

2031143 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M1
(CVE-2020-14882) (web_specific_apps.rules)
2031147 - ET WEB_SPECIFIC_APPS Oracle WebLogic RCE Shell Inbound M2
(CVE-2020-14882) (web_specific_apps.rules)
2031184 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M2
(CVE-2020-14882) (web_specific_apps.rules)
2031185 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M3
(CVE-2020-14882) (web_specific_apps.rules)
2031186 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M4
(CVE-2020-14882) (web_specific_apps.rules)
2031187 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M5
(CVE-2020-14882) (web_specific_apps.rules)
2031245 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M6
(CVE-2020-14882) (web_specific_apps.rules)
2036598 - ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Inbound
(CVE-2018-20062) (exploit.rules)
2036599 - ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Outbound
(CVE-2018-20062) (exploit.rules)
2834775 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt
(CVE-2018-20062) M1 (exploit.rules)
2834776 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt
(CVE-2018-20062) M2 (exploit.rules)
2834795 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt
(CVE-2018-20062) M3 (exploit.rules)
2836503 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Inbound
(CVE-2018-20062) (exploit.rules)
2836504 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Outbound
(CVE-2018-20062) (exploit.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
