[***]            Summary:            [***]

24 new Pro. sLoad Cert, AscentorLoader, Weblogic Server Deserialization, Various Mobile.

[+++]          Added rules:          [+++]

2831581 - ETPRO EXPLOIT Oracle Weblogic Server Deserialization Remote Command Execution (exploit.rules)
2831582 - ETPRO TROJAN SSL/TLS Certificate Observed (sLoad) (trojan.rules)
2831583 - ETPRO TROJAN SSL/TLS Certificate Observed (sLoad) (trojan.rules)
2831584 - ETPRO MOBILE_MALWARE Android.Adware.KyView CnC Checkin (mobile_malware.rules)
2831585 - ETPRO MALWARE Win32/InstallMonster.Adware CnC Checkin (malware.rules)
2831586 - ETPRO USER_AGENTS InstallMonster Adware User-Agent (LH_A) (user_agents.rules)
2831587 - ETPRO TROJAN AscentorLoader HTTP Response M1 (trojan.rules)
2831588 - ETPRO TROJAN AscentorLoader HTTP Response M2 (trojan.rules)
2831589 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in DNS Lookup) (trojan.rules)
2831590 - ETPRO TROJAN Cobalt Group Downloader (apstore .info in TLS SNI) (trojan.rules)
2831591 - ETPRO WEB_SPECIFIC_APPS Airties AIR5444TT - Cross-Site Scripting (web_specific_apps.rules)
2831592 - ETPRO NETBIOS PolarisOffice Insecure Library Loading - SMB ASCII (netbios.rules)
2831593 - ETPRO NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode (netbios.rules)
2831594 - ETPRO WEB_CLIENT PolarisOffice Insecure Library Loading (web_client.rules)
2831595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 1) (trojan.rules)
2831596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 2) (trojan.rules)
2831597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 3) (trojan.rules)
2831598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 4) (trojan.rules)
2831599 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 5) (trojan.rules)
2831600 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 6) (trojan.rules)
2831601 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 7) (trojan.rules)
2831602 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 8) (trojan.rules)
2831603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 9) (trojan.rules)
2831604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-06 10) (trojan.rules)

[///]     Modified active rules:     [///]

2025091 - ET WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393) (web_client.rules)
2828205 - ETPRO TROJAN MSIL/Kryptik.JJC/GalaxyRAT IP Check (trojan.rules)

Date: Friday, July 6, 2018 - 00:00