[***] Summary: [***]

9 new OPEN, 13 new PRO (9 + 4). VMware Vulnerabilities, Sidecopy APT, Hancitor, Kevdroid, Generic Phishing

Thanks @Jane_0stin, @MBThreatIntel

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here<https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…;, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034582 - ET EXPLOIT VMware vCenter Unauthorized File Read Inbound (exploit.rules)

2034583 - ET EXPLOIT VMware vCenter SSRF Inbound (exploit.rules)

2034584 - ET TROJAN TA505 P2P CnC Checkin (trojan.rules)

2034585 - ET TROJAN Win32/Hancitor Checkin (trojan.rules)

2034586 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (afrepublic .xyz) (trojan.rules)

2034587 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (newsroom247 .xyz) (trojan.rules)

2034588 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (afghannewsnetwork .com) (trojan.rules)

2034589 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (republicofaf .xyz) (trojan.rules)

2034590 - ET EXPLOIT NodeBB Path Traversal (CVE-2021-43788) (exploit.rules)

Pro:

2850632 - ETPRO MOBILE_MALWARE Android.Trojan.KevDroid.C Activity (mobile_malware.rules)

2850634 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-06 (current_events.rules)

2850635 - ETPRO CURRENT_EVENTS Generic Phish Landing Page 2021-12-06 (current_events.rules)