[***]            Summary:            [***]

4 new Open, 14 new Pro (4 + 10). Belkin Wemo Enabled Crock-Pot, Skuxray, Various Android Malware.

[+++]          Added rules:          [+++]

Open:

2027486 - ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Inbound (CVE-2019-12780) (exploit.rules)
2027487 - ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Outbound (CVE-2019-12780) (exploit.rules)
2027488 - ET EXPLOIT MiCasaVerde VeraLite - Remote Code Execution Outbound (CVE-2016-6255) (exploit.rules)
2027489 - ET EXPLOIT MiCasaVerde VeraLite - Remote Code Execution Inbound (CVE-2016-6255) (exploit.rules)

Pro:

2836896 - ETPRO MOBILE_MALWARE Android/Hiddad.HX Checkin (mobile_malware.rules)
2836897 - ETPRO MOBILE_MALWARE Trojan.Android.Rooter.drlftw Checkin (mobile_malware.rules)
2836898 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.X Checkin (mobile_malware.rules)
2836899 - ETPRO TROJAN Skuxray CnC Initial Checkin (trojan.rules)
2836900 - ETPRO TROJAN Skuxray CnC Activity (trojan.rules)
2836906 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-18 1) (trojan.rules)
2836907 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-06-18 (current_events.rules)
2836908 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-18 2) (trojan.rules)
2836909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-06-18 3) (trojan.rules)
2836910 - ETPRO TROJAN Win32/Tofsee Template 1 Active - Outbound Malicious Email Spam (trojan.rules)

[///]     Modified active rules:     [///]

2019935 - ET INFO AutoIt User Agent Executable Request (info.rules)
2024914 - ET EXPLOIT Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution (exploit.rules)
2026514 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.live) (trojan.rules)
2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on Github.io (policy.rules)
2027452 - ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Outbound (exploit.rules)
2027453 - ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Inbound (exploit.rules)
2027456 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Outbound (exploit.rules)
2027457 - ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound (exploit.rules)
2027458 - ET EXPLOIT Geutebruck Attempted Remote Command Injection Outbound (exploit.rules)
2027459 - ET EXPLOIT Geutebruck Attempted Remote Command Injection Inbound (exploit.rules)
2027460 - ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Outbound (exploit.rules)
2027461 - ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Inbound (exploit.rules)

[---]  Disabled and modified rules:  [---]

2836743 - ETPRO TROJAN MuddyWater PowerShell RAT Check-in (trojan.rules)

Date: 
Monday, June 17, 2019 - 22:00