[***] Summary: [***]

5 new OPEN, 9 new PRO (5 + 4). SilentLibrarian, Misc PowerShell,
CoinMiners

Thanks @TeamDreier

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037256 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037257 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037258 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037259 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)
2037260 - ET MALWARE Observed Malicious SSL/TLS Certificate
(SilentLibrarian) (malware.rules)

Pro:

2851853 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-02 1) (coinminer.rules)
2851854 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-02 2) (coinminer.rules)
2851855 - ETPRO ATTACK_RESPONSE Possible PowerShell/MSF Stager Inbound
(attack_response.rules)
2851856 - ETPRO HUNTING PowerShell Script Writing File with New
exe/dll/sys Extension Inbound (hunting.rules)

[///] Modified active rules: [///]

2037253 - ET ATTACK_RESPONSE PowerShell Geo Check Before Execution
(attack_response.rules)

[---] Disabled and modified rules: [---]

2017479 - ET WEB_CLIENT Internet Explorer Memory Corruption Inbound
(CVE-2013-3893) (web_client.rules)
2017510 - ET EXPLOIT Metasploit Exploit Specific Function Naming
(exploit.rules)
2806976 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3205 (web_client.rules)
2807098 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3871 1 (web_client.rules)
2807099 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
CVE-2013-3871 2 (web_client.rules)

[---] Removed rules: [---]

2017477 - ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption
Vulnerability with HXDS ASLR Bypass (web_client.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
