[***] Summary: [***]
5 new Open, 14 new Pro (5 + 9). Win32/ElectricFish, China Chopper, Possible Oracle Weblogic wls9-async Deserialization RCE, Various Miners.
[+++] Added rules: [+++]
Open:
2027340 - ET TROJAN Win32/ElectricFish Authentication Packet Observed (trojan.rules)
2027341 - ET WEB_SERVER China Chopper WebShell Observed Outbound (web_server.rules)
2027342 - ET TROJAN Observed Malicious SSL Cert (Credit Card Stealer CnC) (trojan.rules)
2027343 - ET TROJAN Credit Card Stealer CnC Domain in DNS Lookup (trojan.rules)
2027344 - ET CURRENT_EVENTS Possible JS Credit Card Stealer Inbound (current_events.rules)
Pro:
2836097 - ETPRO WEB_SPECIFIC_APPS Possible Oracle Weblogic wls9-async Deserialization RCE M1 (web_specific_apps.rules)
2836098 - ETPRO WEB_SPECIFIC_APPS Possible Oracle Weblogic wls9-async Deserialization RCE M2 (web_specific_apps.rules)
2836261 - ETPRO MOBILE_MALWARE Android/HiddenApp.HH Checkin (mobile_malware.rules)
2836262 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-09 1) (trojan.rules)
2836263 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-05-09 2) (trojan.rules)
2836264 - ETPRO MALWARE Hoax.Win32.PCChist.gen Retrieving Payload (malware.rules)
2836265 - ETPRO POLICY Remote TeamViewer Activity M2 (policy.rules)
2836266 - ETPRO POLICY TeamViewer HTTP Checkin (policy.rules)
2836267 - ETPRO TROJAN Empire Loader Variant CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2027324 - ET INFO Anyplace Remote Access Checkin (051) (info.rules)
2835435 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) (trojan.rules)
2835461 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M2 (trojan.rules)
2835565 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M3 (trojan.rules)
2835566 - ETPRO TROJAN Win32/Emotet CnC Activity (POST) M4 (trojan.rules)
2835980 - ETPRO TROJAN ELF/Mirai Variant Momentum User-Agent (trojan.rules)
2835981 - ETPRO USER_AGENTS ELF/Mirai Variant Momentum User-Agent Observed Inbound (user_agents.rules)