[***] Summary: [***]

6 new OPEN, 10 new PRO (6 + 4). Cobalt Strike, Various CVE and Win32/VB.PNU

Thanks @malware_traffic

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2039793 - ET MALWARE Observed Malicious SSL/TLS Certificate
(CobaltStrike C2) (malware.rules)
2039794 - ET EXPLOIT GL iNet MTN300n Command Injection Attempt
Inbound (CVE-2022-31898) (exploit.rules)
2039795 - ET INFO GameHouse License Check (info.rules)
2039796 - ET INFO External File Sharing Service in DNS Lookup
(sharefile .com) (info.rules)
2039797 - ET MALWARE Win32/VB.PNU CnC Checkin (malware.rules)
2039798 - ET MALWARE SocGholish Domain in DNS Lookup (factors .djbel
.com) (malware.rules)

Pro:

2852822 - ETPRO MALWARE Win32/Remcos RAT Checkin 848 (malware.rules)
2852823 - ETPRO MALWARE Win32/Remcos RAT Checkin 849 (malware.rules)
2852824 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2852825 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)

[///] Modified active rules: [///]

2827990 - ETPRO MALWARE Malicious Miner Downloading CoinMiner
Configuration M2 (malware.rules)
2843641 - ETPRO MALWARE Win32/Alyak.G Variant CnC Activity (malware.rules)

[---] Disabled and modified rules: [---]

2807998 - ETPRO EXPLOIT Possible CVE-2014-0515 Flash Buffer Overflow
(exploit.rules)
2808038 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After
free (CVE-2014-0310) (web_client.rules)
2808144 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After
free (CVE-2014-1766) (web_client.rules)
2808145 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After
free 1 (CVE-2014-1785) (web_client.rules)
2808146 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After
free 2 (CVE-2014-1785) (web_client.rules)
2808148 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After
free (CVE-2014-1791) (web_client.rules)
2808231 - ETPRO WEB_CLIENT Possible Acrobat Reader Privilaged API
Acess CVE-2014-0521 (web_client.rules)
