[***] Summary: [***]
13 new OPEN, 21 new PRO (13 + 8) Win32/IceXLoader, Log4j RCE, Win64/Agent.BP, GCleaner, Remcos and Various Phishing.
Thanks @Fortinet
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037042 - ET INFO External IP Lookup Domain in DNS Lookup (ipwho.is) (info.rules)
2037043 - ET MALWARE Win32/IceXLoader Sending Initial Checkin (POST) (malware.rules)
2037044 - ET MALWARE Win32/IceXLoader Sending Command Acknowledgement (POST) (malware.rules)
2037045 - ET MALWARE Win32/IceXLoader Sending System Information (POST) (malware.rules)
2037046 - ET EXPLOIT Possible Apache log4j RCE Attempt - HTTP URI Obfuscation (CVE-2021-44228) (Inbound) (exploit.rules)
2037047 - ET EXPLOIT Possible Apache log4j RCE Attempt - HTTP URI Obfuscation (CVE-2021-44228) (Outbound) (exploit.rules)
2037048 - ET PHISHING Generic Credential Phish Landing Page 2022-06-21 (phishing.rules)
2037049 - ET PHISHING Apple Credential Phish Landing Page M1 2022-06-21 (phishing.rules)
2037050 - ET PHISHING Apple Credential Phish Landing Page M2 2022-06-21 (phishing.rules)
2037051 - ET PHISHING Facebook Credential Phish Landing Page 2022-06-21 (phishing.rules)
2037052 - ET PHISHING Successful Adobe Credential Phish 2022-06-21 (phishing.rules)
2037053 - ET MALWARE Win64/Agent.BP Checkin (malware.rules)
2037054 - ET MALWARE Win64/Agent.BP System Info Exfil (malware.rules)
Pro:
2851807 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-21 1) (coinminer.rules)
2851808 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-21 2) (coinminer.rules)
2851809 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-21 3) (coinminer.rules)
2851810 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-21 4) (coinminer.rules)
2851811 - ETPRO MALWARE GCleaner Downloader Activity M6 (malware.rules)
2851812 - ETPRO HUNTING Suspicious Zipped Filename in Outbound POST Request (Exceptions.log) (hunting.rules)
2851813 - ETPRO MALWARE Win32/Remcos RAT Checkin 802 (malware.rules)
2851814 - ETPRO MALWARE Win32/Remcos RAT Checkin 803 (malware.rules)
[///] Modified active rules: [///]
2849172 - ETPRO MALWARE TontoTeam APT Related Bisonal CnC Activity (malware.rules)