[***]            Summary:            [***]

5 new Open, 21 new Pro (5 + 16). HTA.BabyShark HTTP Exfil, Shade Ransomware, CVE-2019-6340, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2027377 - ET TROJAN HTA.BabyShark HTTP Exfil (trojan.rules)
2027378 - ET CURRENT_EVENTS JS ShellWindows/AddInProcess Win10 DeviceGuardBypass Inbound (current_events.rules)
2027379 - ET TROJAN Shade Ransomware Payment Domain in DNS Lookup (trojan.rules)
2027380 - ET CURRENT_EVENTS Possible Router EK Landing Page Inbound 2019-05-24 (current_events.rules)
2027381 - ET TROJAN SSL/TLS Certificate Observed (Quasar Related) (trojan.rules)

Pro:

2836500 - ETPRO TROJAN ELF/Paranoia Bot CnC Checkin (trojan.rules)
2836501 - ETPRO EXPLOIT Observed Attempted Spring Data Commons RCE Inbound (CVE-2018-1273) (exploit.rules)
2836502 - ETPRO EXPLOIT Observed Attempted Spring Data Commons RCE Outbound (CVE-2018-1273) (exploit.rules)
2836503 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Inbound (exploit.rules)
2836504 - ETPRO EXPLOIT Attempted THINKPHP < 5.2.x RCE Outbound (exploit.rules)
2836505 - ETPRO TROJAN Win32/Farfli.ANY CnC Response (trojan.rules)
2836506 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation Phish 2019-05-24 (current_events.rules)
2836507 - ETPRO CURRENT_EVENTS Successful Facebook Copyright Violation Phish 2019-05-24 (current_events.rules)
2836508 - ETPRO CURRENT_EVENTS Successful Whatsapp Group Phish 2019-05-24 (current_events.rules)
2836509 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2019-05-24 (current_events.rules)
2836510 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-05-24 (current_events.rules)
2836511 - ETPRO TROJAN Win32/KeyLogger.Spia CnC Request (set) (trojan.rules)
2836512 - ETPRO CURRENT_EVENTS Successful Generic MultiWebmail Phish 2019-05-24 (current_events.rules)
2836513 - ETPRO TROJAN Win32/KeyLogger.Spia CnC Response (trojan.rules)
2836514 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-05-24 (current_events.rules)
2836515 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-05-24 (current_events.rules)

[///]     Modified active rules:     [///]

2828060 - ETPRO TROJAN W32/Emotet.v4 Checkin Fake 404 Payload Response (trojan.rules)

Date: Thursday, May 23, 2019 - 22:00