[***] Summary: [***]

13 new OPEN, 26 new PRO (13 + 13). CVE-2021-40870, CVE-2021-27513, Fin12,
Various Android/AhMyth RAT, Various PHISH.

Thanks: @ThingzEye

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034159 - ET EXPLOIT Aviatrix Controller Unrestricted File Upload with
Path Traversal Inbound (CVE-2021-40870) (exploit.rules)
2034160 - ET EXPLOIT Possible EyesOfNetwork Remote File Upload with PHP
WebShell Inbound (CVE-2021-27513) (exploit.rules)
2034161 - ET EXPLOIT RUIJIE NBR/RGNBR Command Injection Attempt Inbound
M1 (exploit.rules)
2034162 - ET EXPLOIT RUIJIE NBR/RGNBR Command Injection Attempt Inbound
M2 (exploit.rules)
2034163 - ET TROJAN Observed Malicious Fin12 Related SSL Cert
(serviceswork .net) (trojan.rules)
2034164 - ET TROJAN Android/AhMyth RAT Init Checkin (trojan.rules)
2034165 - ET TROJAN Android/AhMyth RAT WebSocket Session (trojan.rules)
2034166 - ET TROJAN Android/AhMyth RAT Command Inbound (Location Manager)
(trojan.rules)
2034167 - ET TROJAN Android/AhMyth RAT Command Inbound (Contacts Manager)
(trojan.rules)
2034168 - ET TROJAN Android/AhMyth RAT Command Inbound (SMS Manager)
(trojan.rules)
2034169 - ET TROJAN Android/AhMyth RAT Command Inbound (Call Manager)
(trojan.rules)
2034170 - ET TROJAN Android/AhMyth RAT Command Inbound (Files Manager)
(trojan.rules)
2034171 - ET TROJAN Android/AhMyth RAT Command Inbound (Camera Manager)
(trojan.rules)

Pro:

2850145 - ETPRO CURRENT_EVENTS Successful Generic Submission of Email
(current_events.rules)
2850146 - ETPRO CURRENT_EVENTS Generic Redirect to Password Form
(current_events.rules)
2850147 - ETPRO CURRENT_EVENTS Generic Password Form M1
(current_events.rules)
2850148 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish POST
M1 (current_events.rules)
2850149 - ETPRO CURRENT_EVENTS Generic Redirect to Phone Number Form
(current_events.rules)
2850150 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish POST
M2 (current_events.rules)
2850151 - ETPRO CURRENT_EVENTS Generic Password Form M2
(current_events.rules)
2850152 - ETPRO CURRENT_EVENTS Successful Generic Submission of Phone
Number (current_events.rules)
2850153 - ETPRO CURRENT_EVENTS Succesful Snapchat Phish 2021-10-11
(current_events.rules)
2850154 - ETPRO INFO Observed ActivTrak Monitoring Software SSL Cert
(info.rules)
2850155 - ETPRO INFO ActivTrak Monitoring Software Checkin (POST)
(info.rules)
2850156 - ETPRO CURRENT_EVENTS Successful Generic Phish (DE) 2021-10-11
(current_events.rules)
2850157 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-11
(current_events.rules)

[///] Modified active rules: [///]

2030231 - ET TROJAN SHLAYER CnC (trojan.rules)
2814778 - ETPRO TROJAN TinyLoader.D CnC Initiial Beacon x86 (trojan.rules)
