[***] Summary: [***]
9 new OPEN, 13 new PRO (9 + 4). VMware Vulnerabilities, Sidecopy APT, Hancitor, Kevdroid, Generic Phishing
Thanks @Jane_0stin, @MBThreatIntel
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034582 - ET EXPLOIT VMware vCenter Unauthorized File Read Inbound (exploit.rules)
2034583 - ET EXPLOIT VMware vCenter SSRF Inbound (exploit.rules)
2034584 - ET TROJAN TA505 P2P CnC Checkin (trojan.rules)
2034585 - ET TROJAN Win32/Hancitor Checkin (trojan.rules)
2034586 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (afrepublic .xyz) (trojan.rules)
2034587 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (newsroom247 .xyz) (trojan.rules)
2034588 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (afghannewsnetwork .com) (trojan.rules)
2034589 - ET TROJAN Sidecopy APT Related CnC Domain in DNS Lookup (republicofaf .xyz) (trojan.rules)
2034590 - ET EXPLOIT NodeBB Path Traversal (CVE-2021-43788) (exploit.rules)
Pro:
2850632 - ETPRO MOBILE_MALWARE Android.Trojan.KevDroid.C Activity (mobile_malware.rules)
2850634 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-12-06 (current_events.rules)
2850635 - ETPRO CURRENT_EVENTS Generic Phish Landing Page 2021-12-06 (current_events.rules)