[***] Summary: [***]
5 new OPEN, 9 new PRO (5 + 4). SilentLibrarian, Misc PowerShell,
CoinMiners
Thanks @TeamDreier
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037256 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037257 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037258 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037259 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037260 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
Pro:
2851853 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-02 1) (coinminer.rules)
2851854 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-02 2) (coinminer.rules)
2851855 - ETPRO ATTACK_RESPONSE Possible PowerShell/MSF Stager Inbound
(attack_response.rules)
2851856 - ETPRO HUNTING PowerShell Script Writing File with New
exe/dll/sys Extension Inbound (hunting.rules)
[///] Modified active rules: [///]
2037253 - ET ATTACK_RESPONSE PowerShell Geo Check Before Execution
(attack_response.rules)
[---] Disabled and modified rules: [---]
2017479 - ET WEB_CLIENT Internet Explorer Memory Corruption Inbound
(CVE-2013-3893) (web_client.rules)
2017510 - ET EXPLOIT Metasploit Exploit Specific Function Naming
(exploit.rules)
2806976 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3205 (web_client.rules)
2807098 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3871 1 (web_client.rules)
2807099 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3871 2 (web_client.rules)
[---] Removed rules: [---]
2017477 - ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption
Vulnerability with HXDS ASLR Bypass (web_client.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team