[***] Summary: [***]
8 new OPEN, 16 new PRO (8 + 8). Bazaloader Variant, CVE-2021-36260, Maldoc Activity, Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034630 - ET EXPLOIT Hikvision IP Camera RCE Attempt (CVE-2021-36260) (exploit.rules)
2034631 - ET TROJAN Maldoc Activity (set) (trojan.rules)
2034632 - ET TROJAN Maldoc Retrieving Binary (Likely Trickbot) (trojan.rules)
2034633 - ET TROJAN APT15/NICKEL KETRUM CnC Activity (POST) (trojan.rules)
2034634 - ET INFO webhook .site in TLS SNI (info.rules)
2034635 - ET INFO Python BaseHTTP ServerBanner (info.rules)
2034636 - ET INFO Python SimpleHTTP ServerBanner (info.rules)
2034637 - ET INFO Suspicious GET Request (Likely Pentester CnC) (info.rules)
Pro:
2850648 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-07 1) (trojan.rules)
2850649 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-07 2) (trojan.rules)
2850650 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-07 3) (trojan.rules)
2850651 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-07 4) (trojan.rules)
2850652 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-07 5) (trojan.rules)
2850654 - ETPRO TROJAN Possible Bazaloader Variant Activity (trojan.rules)
2850655 - ETPRO TROJAN Possible Bazaloader Variant Activity (trojan.rules)
[///] Modified active rules: [///]
2030208 - ET TROJAN Suspected APT15/NICKEL KETRUM CnC Activity (GET) (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team