[***]            Summary:            [***]

7 new Open, 10 new Pro (7 + 3). Confluence SSTI Exploitation, PS/Unk.EB.Spreader, CSharp SMB Scanner Water, Various Miners.

[+++]          Added rules:          [+++]

Open:

2027333 - ET WEB_CLIENT Possible Confluence SSTI Exploitation Attempt - Leads to RCE/LFI (CVE-2019-3396) (web_client.rules)
2027334 - ET TROJAN PS/Unk.EB.Spreader CnC Checkin (trojan.rules)
2027335 - ET CURRENT_EVENTS Wide HTA with PowerShell Execution Inbound (current_events.rules)
2027336 - ET CURRENT_EVENTS CSharp SMB Scanner Assembly in PowerShell Inbound M1 (current_events.rules)
2027337 - ET CURRENT_EVENTS CSharp SMB Scanner Assembly in PowerShell Inbound M2 (current_events.rules)
2027338 - ET POLICY Inbound PowerShell Capable of Enumerating Internal Network via WMI (policy.rules)
2027339 - ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound (exploit.rules)

Pro:

2836258 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-08 1) (trojan.rules)
2836259 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-08 2) (trojan.rules)
2836260 - ETPRO POLICY Remote TeamViewer Activity (policy.rules)

[///]     Modified active rules:     [///]

2027324 - ET INFO Anyplace Remote Access Checkin (051) (info.rules)

Date: Tuesday, May 7, 2019 - 22:00