[***] Summary: [***]
5 new OPEN, 12 new PRO (5 + 7) CVE-2021-44077, AgentTesla,
Win64/Agent.NL, Lowzones and VARIOUS Phishing and CoinMiners.
Want to come work with Emerging Threats? Consider applying: https://t.co/rqnzCGdo7B
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034577 - ET EXPLOIT [CISA AA21-336A] Suspicious POST Request - Possible Exploitation Activity (CVE-2021-44077) (exploit.rules)
2034578 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M2 (CVE-2019-0752) (exploit.rules)
2034579 - ET TROJAN AgentTesla Communicating with CnC Server (trojan.rules)
2034580 - ET TROJAN Win64/Agent.NL Variant CnC Activity (trojan.rules)
2034581 - ET INFO Terse Request for .txt - Likely Hostile (info.rules)
Pro:
2850625 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-03 1) (trojan.rules)
2850626 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-03 2) (trojan.rules)
2850627 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850628 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850629 - ETPRO TROJAN Possible Lowzones Trojan Activity (trojan.rules)
2850630 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-03 (current_events.rules)
2850631 - ETPRO CURRENT_EVENTS Generic Phish Landing Page 2021-12-03 (current_events.rules)
[///] Modified active rules: [///]
2027721 - ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M1 (CVE-2019-0752) (exploit.rules)
2034576 - ET EXPLOIT Netgear DGN Remote Code Execution (exploit.rules)
2850555 - ETPRO TROJAN TeamBot CnC Activity (trojan.rules)
[---] Removed rules: [---]
2034007 - ET WEB_SERVER Possible WebShell Access Inbound [exec] M2 (CISA AA21-259A) (web_server.rules)
2034008 - ET WEB_SERVER Possible WebShell Access Inbound [exec] M3 (CISA AA21-259A) (web_server.rules)
2034010 - ET WEB_SERVER Possible WebShell Access Inbound [upload] M2 (CISA AA21-259A) (web_server.rules)
2034011 - ET WEB_SERVER Possible WebShell Access Inbound [upload] M3 (CISA AA21-259A) (web_server.rules)
2828212 - ETPRO TROJAN AgentTesla Communicating with CnC Server (trojan.rules)