[***] Summary: [***]

25 new OPEN, 29 new PRO (25 + 4) FortiOS Auth Bypass, Various Phish,
Win32/Nymaim

Thanks @AWNetworks

Due to the observation of an internal holiday, there will be no release
tomorrow, October 21, 2022.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2039485 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Config
Leaked (CVE-2022-40684) (web_server.rules)
2039486 - ET INFO e-utp DNS Over HTTPS Certificate Inbound (info.rules)
2039487 - ET INFO Edgy DNS Over HTTPS Certificate Inbound (info.rules)
2039488 - ET INFO Faelix DNS Over HTTPS Certificate Inbound (info.rules)
2039489 - ET INFO ffmuc DNS Over HTTPS Certificate Inbound (info.rules)
2039490 - ET INFO FutaDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039491 - ET INFO Hitian .me DNS Over HTTPS Certificate Inbound
(info.rules)
2039492 - ET INFO Ibksturm DNS Over HTTPS Certificate Inbound (info.rules)
2039493 - ET INFO Internet Initiative Japan DNS Over HTTPS Certificate
Inbound (info.rules)
2039494 - ET INFO Infotek DNS Over HTTPS Certificate Inbound (info.rules)
2039495 - ET INFO IQDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039496 - ET INFO jp.tiar DNS Over HTTPS Certificate Inbound (info.rules)
2039497 - ET INFO jp.tiar DNS Over HTTPS Certificate Inbound (info.rules)
2039498 - ET INFO La Contre-Voie DNS Over HTTPS Certificate Inbound
(info.rules)
2039499 - ET INFO Lars Lehmn DNS Over HTTPS Certificate Inbound
(info.rules)
2039500 - ET INFO LavaDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039501 - ET INFO LibreDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039502 - ET INFO Limo Telu DNS Over HTTPS Certificate Inbound
(info.rules)
2039504 - ET INFO QR Code Generator Domain in DNS Lookup (qrco .de)
(info.rules)
2039505 - ET INFO QR Code Generator Domain in DNS Lookup
(qr-code-generator .com) (info.rules)
2039506 - ET PHISHING Successful Generic Credential Phish 2022-10-20
(phishing.rules)
2039507 - ET PHISHING Successful Generic Credential Phish 2022-10-20
(phishing.rules)
2039508 - ET PHISHING Generic Credential Phish Landing Page 2022-10-20
(phishing.rules)
2039509 - ET PHISHING Successful Luno Credential Phish 2022-10-20
(phishing.rules)
2039510 - ET MALWARE SocGholish Domain in DNS Lookup (chess
.north-atlantic .com) (malware.rules)

Pro:

2852642 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852643 - ETPRO MALWARE WinGo/Agent.IE Exfil (malware.rules)
2852644 - ETPRO PHISHING Successful Instagram Phish 2022-10-20
(phishing.rules)
2852645 - ETPRO MALWARE Win32/Nymaim Variant Checkin (POST)
(malware.rules)

[///] Modified active rules: [///]

2016757 - ET MALWARE W32/Nymaim Checkin M2 (malware.rules)
2039173 - ET WEB_SERVER [Cluster25] FortiOS Auth Bypass Attempt
(CVE-2022-40684) (web_server.rules)
2039419 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - SSH Key
Upload (CVE-2022-40684) (web_server.rules)
2039420 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt -
Administrative Details Leaked (CVE-2022-40684) (web_server.rules)
2039470 - ET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path
(CVE-2022-42889) (Inbound) (exploit.rules)
2039471 - ET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path
(CVE-2022-42889) (Outbound) (exploit.rules)

[---] Removed rules: [---]

2852554 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852555 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852556 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852557 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852558 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852559 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852560 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852561 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852562 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852563 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852564 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852565 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852566 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852567 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852568 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852569 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852570 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852571 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852572 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852573 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852574 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852575 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852576 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852577 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852578 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852579 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852580 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852581 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852582 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852583 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852584 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852585 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852586 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852587 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852588 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852589 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852590 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852591 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
2852592 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed
(malware.rules)
