Daily Ruleset Update Summary 2018/04/20

[***]            Summary:            [***]

11 new Open, 28 new Pro (11 + 17). BlackCarat CnC, Cisco Smart Install Exploitation Tool, Various Phishing, Various Mobile.

[+++]          Added rules:          [+++]

Open:

2025519 - ET INFO Cisco Smart Install Protocol Observed (info.rules)
2025520 - ET EXPLOIT Cisco Smart Install Exploitation Tool - Update Ios and Execute (exploit.rules)
2025521 - ET EXPLOIT Cisco Smart Install Exploitation Tool - ChangeConfig (exploit.rules)
2025522 - ET EXPLOIT Cisco Smart Install Exploitation Tool - GetConfig (exploit.rules)
2025523 - ET CURRENT_EVENTS Centurylink Phishing Landing 2018-04-19 (current_events.rules)
2025524 - ET CURRENT_EVENTS MyADP Phishing Landing 2018-04-19 (current_events.rules)
2025525 - ET CURRENT_EVENTS Microsoft Account Phishing Landing M1 2018-04-19 (current_events.rules)
2025526 - ET CURRENT_EVENTS Microsoft Account Phishing Landing M2 2018-04-19 (current_events.rules)
2025527 - ET CURRENT_EVENTS Generic Popupwnd Phishing Landing 2018-04-19 (current_events.rules)
2025528 - ET CURRENT_EVENTS Comcast/Xfinity Phishing Landing 2018-04-19 (current_events.rules)
2025529 - ET CURRENT_EVENTS LCL Banque Phishing Landing 2018-04-19 (current_events.rules)

Pro:

2830492 - ETPRO TROJAN Win32/Agent.ZKU CnC Checkin (trojan.rules)
2830493 - ETPRO TROJAN Win32/Agent.ZKU Connectivity Check (trojan.rules)
2830494 - ETPRO TROJAN BlackCarat CnC Checkin (trojan.rules)
2830495 - ETPRO TROJAN BlackCarat Sending System Information to CnC (trojan.rules)
2830496 - ETPRO TROJAN Win32/POWERSTATS CnC Activity (trojan.rules)
2830497 - ETPRO TROJAN Observed Malicious SSL Cert (POWERSTATS CnC) (trojan.rules)
2830498 - ETPRO TROJAN Observed POWERSTATS CnC Domain (aliart .nl in TLS SNI) (trojan.rules)
2830501 - ETPRO CURRENT_EVENTS GrandSoft EK Landing 2018-04-20 (current_events.rules)
2830502 - ETPRO CURRENT_EVENTS Grandsoft EK Exploit Request 2018-04-20 (current_events.rules)
2830503 - ETPRO CURRENT_EVENTS Successful Personalized Phish 2018-04-20 (current_events.rules)
2830504 - ETPRO CURRENT_EVENTS Successful Orange Phish 2018-04-20 (current_events.rules)
2830505 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish 2018-04-20 (current_events.rules)
2830506 - ETPRO CURRENT_EVENTS Successful Telekom Phish 2018-04-20 (current_events.rules)
2830507 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2018-04-20 (current_events.rules)
2830508 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2018-04-20 (current_events.rules)
2830509 - ETPRO CURRENT_EVENTS Successful BNZ Bank Phish M1 2018-04-20 (current_events.rules)
2830510 - ETPRO CURRENT_EVENTS Successful BNZ Phish M2 2018-04-20 (current_events.rules)

[///]     Modified active rules:     [///]

2018455 - ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26 (trojan.rules)
2024206 - ET TROJAN Quant Loader Download Response M2 (trojan.rules)

[---]         Removed rules:         [---]

2830479 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-04-19 2) (trojan.rules)

Date: 
Friday, April 20, 2018 - 00:00