[***] Summary: [***]
9 new OPEN, 14 new PRO (9 + 5) Lumma Stealer, FortiOS Auth Bypass, Hawkeye Keylogger
Thanks @MalGamy12 @DLL_Cool_J
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039419 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - SSH Key Upload (CVE-2022-40684) (web_server.rules)
2039420 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Admin Details Leaked (CVE-2022-40684) (web_server.rules)
2039421 - ET MALWARE Observed DNS Query to Cryptojacking Domain (a-dog .top) (malware.rules)
2039422 - ET USER_AGENTS Suspicious User-Agent (RT/1.0) (user_agents.rules)
2039423 - ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt (malware.rules)
2039424 - ET MALWARE Win32/Lumma Stealer CnC Domain (evetesttech .net) in DNS Lookup (malware.rules)
2039425 - ET MALWARE Win32/Lumma Stealer CnC Domain (765mm .xyz) in DNS Lookup (malware.rules)
2039426 - ET MALWARE Win32/Lumma Stealer CnC Domain (safe-car .ru) in DNS Lookup (malware.rules)
2039427 - ET MALWARE SocGholish Domain in DNS Lookup (festival .robingaster .com) (malware.rules)
Pro:
2852595 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-14 1) (coinminer.rules)
2852596 - ETPRO PHISHING Successful Wells Fargo Phish 2022-10-17 (phishing.rules)
2852597 - ETPRO MALWARE MSIL/Hawkeye Keylogger Activity (malware.rules)
[///] Modified active rules: [///]
2039173 - ET WEB_SERVER [Cluster25] FortiOS Auth Bypass Attempt (CVE-2022-40684) (web_server.rules)