[Emerging-Sigs] Out-of-Band Ruleset Update Summary 2021/12/12

James Emery-Callcott jcallcott at emergingthreats.net
Sun Dec 12 16:19:28 HST 2021


[***]            Summary:            [***]

  We are releasing several new signatures to further assist with the
detection of CVE-2021-44228 activity.

  This update includes detection for new obfuscation techniques observed
in the wild (ITW).  Note that 2034671 and 2034672 are disabled by default
for performance reasons. These signatures are now live in the OPEN & PRO
production rulesets across all of our supported IDS engines.

  Let us know if you have any questions about the vulnerability or
out-of-band signatures in this release.

[+++]          Added rules:          [+++]

Open:

 2034671 - ET EXPLOIT Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M1 (CVE-2021-44228) (exploit.rules)
 2034672 - ET EXPLOIT Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M1 (CVE-2021-44228) (exploit.rules)
 2034673 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (CVE-2021-44228) (exploit.rules)
 2034674 - ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (CVE-2021-44228) (exploit.rules)


---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team