[***] Summary: [***]
14 new OPEN, 17 new PRO (14 + 3). Multiple CVE, ABCbot, EtterSilent
Maldoc Builder.
Thanks @360Netlab
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
We are hiring a Threat Detection Engineer!
https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Illinois…
[+++] Added rules: [+++]
Open:
2034479 - ET TROJAN ABCbot CnC Instruction (stop) (trojan.rules)
2034480 - ET EXPLOIT Attempted IDSVSE IP Camera RCE (exploit.rules)
2034481 - ET EXPLOIT Ultimate POS 4.4 Cross-Site Scripting (XSS) - Outbound (exploit.rules)
2034482 - ET EXPLOIT Ultimate POS 4.4 Cross-Site Scripting (XSS) - Inbound (exploit.rules)
2034483 - ET TROJAN ABCbot CnC Exfil (trojan.rules)
2034484 - ET TROJAN ABCbot CnC Instruction (syn) (trojan.rules)
2034485 - ET TROJAN ABCbot CnC Instruction (dns) (trojan.rules)
2034486 - ET TROJAN ABCbot CnC Instruction (bigudp) (trojan.rules)
2034487 - ET CURRENT_EVENTS Successful Facebook Credential Phish 2021-11-16 (current_events.rules)
2034488 - ET EXPLOIT Guangzhou 1GE ONU OS Command Execution (CVE-2020-8958) (exploit.rules)
2034489 - ET EXPLOIT Tenda OS Command Injection (CVE-2020-10987) (GET) (exploit.rules)
2034490 - ET EXPLOIT Possible Tenda OS Command Injection (CVE-2020-10987) (POST) (exploit.rules)
2034491 - ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051) (exploit.rules)
2034492 - ET EXPLOIT Kaseya VSA ManagedITSync SQL Injection (CVE-2017-18362) (exploit.rules)
Pro:
2850479 - ETPRO POLICY Your Freedom VPN - CGI Relay Server Lookup (policy.rules)
2850480 - ETPRO POLICY Your Freedom VPN - Bing Search (policy.rules)
2850485 - ETPRO TROJAN EtterSilent Maldoc Builder Requesting Payload (trojan.rules)
[///] Modified active rules: [///]
2010965 - ET WEB_SERVER SHOW VARIABLES SQL Injection Attempt in URI (web_server.rules)