[***] Summary: [***]

18 new OPEN, 33 new PRO (18 + 15). MS-PAR Sig Set, Kaseya VSA
Exploit Activity, Dridex, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033248 - ET TROJAN Kaseya VSA Exploit Activity M1 (SET) (trojan.rules)
2033249 - ET TROJAN Kaseya VSA Exploit Activity M2 (SET) (trojan.rules)
2033250 - ET TROJAN Possible Kaseya VSA Exploit Activity Inbound M1
(trojan.rules)
2033251 - ET TROJAN Possible Kaseya VSA Exploit Activity Inbound M2
(trojan.rules)
2033252 - ET TROJAN Possible Kaseya VSA Exploit URI Structure
Inbound (trojan.rules)
2033253 - ET TROJAN Maldoc Retrieving Payload 2021-07-06 (trojan.rules)
2033254 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncEnumPrinterDrivers (policy.rules)
2033255 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncAddPrinterDriver (policy.rules)
2033256 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncGetPrinterDriver (policy.rules)
2033257 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncGetPrinterDriverDirectory (policy.rules)
2033258 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncDeletePrinterDriver (policy.rules)
2033259 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncDeletePrinterDriverEx (policy.rules)
2033260 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncInstallPrinterDriverFromPackage (policy.rules)
2033261 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncUploadPrinterDriverPackage (policy.rules)
2033262 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncGetCorePrinterDrivers (policy.rules)
2033263 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncCorePrinterDriverInstalled (policy.rules)
2033264 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncGetPrinterDriverPackagePath (policy.rules)
2033265 - ET POLICY [MS-PAR] Windows Printer Spooler Activity -
RpcAsyncDeletePrinterDriverPackage (policy.rules)

Pro:

2849200 - ETPRO TROJAN Suspected Meterpreter Reverse Shell Activity
(GET) (trojan.rules)
2849201 - ETPRO MALWARE SafeCleaner Activity (POST) (malware.rules)
2849204 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 152
(mobile_malware.rules)
2849205 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 153
(mobile_malware.rules)
2849208 - ETPRO TROJAN Dridex CnC Activity (trojan.rules)
2849209 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)
2849210 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT) (trojan.rules)
2849211 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849212 - ETPRO INFO Suspicious Literal CRLF In HTTP Header (info.rules)
2849213 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-07-06
(current_events.rules)
2849214 - ETPRO TROJAN Unk.ArcStealer CnC Exfil (trojan.rules)

[///] Modified active rules: [///]

2018302 - ET INFO Possible Phish - Mirrored Website Comment Observed
(info.rules)
2018334 - ET INFO Possible Phish - Saved Website Comment Observed (info.rules)
2022136 - ET WEB_CLIENT Netsolhost SSL Proxying - Possible Phishing
Nov 24 2015 (web_client.rules)
2022374 - ET WEB_CLIENT Suspicious LastPass URI Structure - Possible
Phishing (web_client.rules)
2022486 - ET CURRENT_EVENTS Possible Phishing Landing via GetGoPhish
Phishing Tool (current_events.rules)
2022578 - ET WEB_CLIENT JS Obfuscation - Possible Phishing
2016-03-01 (web_client.rules)
2022597 - ET CURRENT_EVENTS Possible Phishing Landing - Data URI
Inline Javascript Mar 07 2016 (current_events.rules)
2023139 - ET INFO Form Data Submitted to yolasite.com - Possible
Phishing (info.rules)
2023638 - ET WEB_CLIENT Possible Phishing Redirect Dec 13 2016
(web_client.rules)
2024003 - ET WEB_CLIENT Possible Phishing Verified by Visa title
over non SSL Feb 17 2017 (web_client.rules)
2024007 - ET WEB_CLIENT Suspicious JS Refresh - Possible Phishing
Redirect Feb 24 2017 (web_client.rules)
2024008 - ET WEB_CLIENT Possible Phishing Redirect Feb 24 2017
(web_client.rules)
2024227 - ET INFO Lets Encrypt Free SSL Cert Observed with
IDN/Punycode Domain - Possible Phishing (info.rules)
2024228 - ET INFO Suspicious HTML Decimal Obfuscated Title -
Possible Phishing Landing Apr 19 2017 (info.rules)
2024283 - ET INFO Miniproxy Cloned Page - Possible Phishing Landing
(info.rules)
2024375 - ET INFO Possible Successful Hostinger Generic Phish Jun 09
2017 (info.rules)
2024432 - ET INFO Suspicious HTML Hex Obfuscated Title - Possible
Phishing Landing Jun 28 2017 (info.rules)
2024450 - ET WEB_CLIENT Possible Phishing Blockchain title over non
SSL Jul 10 2017 (web_client.rules)
2025006 - ET WEB_CLIENT Possible Phishing Redirect Feb 09 2016
(web_client.rules)
2025227 - ET INFO Possible Phishing Landing - Common Multiple JS
Unescape May 25 2017 (info.rules)
2025267 - ET INFO Possible Phishing Redirect 2018-01-30 (info.rules)
2025656 - ET CURRENT_EVENTS AES Crypto Observed in Javascript -
Possible Phishing Landing (current_events.rules)
2025657 - ET CURRENT_EVENTS AES Crypto Observed in Javascript -
Possible Phishing Landing M1 Dec 28 2015 (current_events.rules)
2025659 - ET INFO Suspicious Dropbox Page - Possible Phishing
Landing (info.rules)
2025669 - ET INFO Suspicious Google Docs Page - Possible Phishing
Landing (info.rules)
2025671 - ET CURRENT_EVENTS Suspicious Wordpress Redirect - Possible
Phishing Landing Jan 7 2016 (current_events.rules)
2025696 - ET CURRENT_EVENTS Suspicious Wordpress Redirect - Possible
Phishing Landing (set) Jan 7 (current_events.rules)
2026061 - ET WEB_CLIENT Generic PhishKit Author Comment M1
2018-08-30 (web_client.rules)
2026062 - ET WEB_CLIENT Generic PhishKit Author Comment M2
2018-08-30 (web_client.rules)
2026063 - ET WEB_CLIENT Generic PhishKit Author Comment M3
2018-08-30 (web_client.rules)
2026064 - ET WEB_CLIENT Generic PhishKit Author Comment M4
2018-08-30 (web_client.rules)
2026065 - ET WEB_CLIENT Generic PhishKit Author Comment M5
2018-08-30 (web_client.rules)
2026066 - ET WEB_CLIENT Generic PhishKit Author Comment M6
2018-08-30 (web_client.rules)
2026067 - ET WEB_CLIENT Generic PhishKit Author Comment M7
2018-08-30 (web_client.rules)
2026068 - ET WEB_CLIENT Generic PhishKit Author Comment M8
2018-08-30 (web_client.rules)
2026069 - ET WEB_CLIENT Generic PhishKit Author Comment M9
2018-08-30 (web_client.rules)
2026070 - ET WEB_CLIENT Generic PhishKit Author Comment M10
2018-08-30 (web_client.rules)
2026746 - ET INFO Suspicious Fake Login - Possible Phishing -
2018-12-31 (info.rules)
2026908 - ET POLICY Suspicious SSN Parameter in HTTP POST - Possible
Phishing (policy.rules)
2026909 - ET POLICY Suspicious CVV Parameter in HTTP POST - Possible
Phishing (policy.rules)
2027519 - ET INFO Cloned EWE Telecom Page - Possible Phishing
Landing (info.rules)
2027520 - ET INFO Cloned La Banque Postale FR Page - Possible
Phishing Landing (info.rules)
2027521 - ET INFO Cloned ATB Bank Online Page - Possible Phishing
Landing (info.rules)
2027522 - ET INFO Cloned RBC Royal Bank Page - Possible Phishing
Landing (info.rules)
2027523 - ET INFO Cloned CIBC Bank Page - Possible Phishing Landing
M1 (info.rules)
2027524 - ET INFO Cloned ABSA Bank Page - Possible Phishing Landing
(info.rules)
2027525 - ET INFO Cloned Instagram Page - Possible Phishing Landing
M1 (info.rules)
2027526 - ET INFO Cloned Instagram Page - Possible Phishing Landing
M2 (info.rules)
2027527 - ET INFO Cloned Spotify Page - Possible Phishing Landing (info.rules)
2027528 - ET INFO Cloned ADP Page - Possible Phishing Landing (info.rules)
2027529 - ET INFO Cloned Westpac Bank Page - Possible Phishing
Landing (info.rules)
2027530 - ET INFO Cloned Simplii Page - Possible Phishing Landing (info.rules)
2027531 - ET INFO Cloned CIBC Bank Page - Possible Phishing Landing
M2 (info.rules)
2027532 - ET INFO Cloned Chase Page - Possible Phishing Landing (info.rules)
2027533 - ET INFO Cloned Scotiabank Page - Possible Phishing Landing
(info.rules)
2027534 - ET INFO Cloned Cox Page - Possible Phishing Landing M1 (info.rules)
2027536 - ET INFO Cloned Comcast / Xfinity Page - Possible Phishing
Landing (info.rules)
2027537 - ET INFO Cloned Telstra Page - Possible Phishing Landing (info.rules)
2027538 - ET INFO Cloned Comcast / Xfinity Page - Possible Phishing
Landing (info.rules)
2027539 - ET INFO Cloned Itscom Page - Possible Phishing Landing (info.rules)
2027540 - ET INFO Cloned Bank of America Page - Possible Phishing
Landing M1 (info.rules)
2027541 - ET INFO Cloned Bank of America Page - Possible Phishing
Landing M2 (info.rules)
2027542 - ET INFO Cloned Bank of America Page - Possible Phishing
Landing M3 (info.rules)
2027543 - ET INFO Cloned Microsoft Office Apps Page - Possible
Phishing Landing (info.rules)
2027544 - ET INFO Cloned Telekom / Tmobile Page - Possible Phishing
Landing (info.rules)
2027545 - ET INFO Cloned Fidelity Page - Possible Phishing Landing
(info.rules)
2027546 - ET INFO Cloned Societe Generale FR Page - Possible
Phishing Landing (info.rules)
2027547 - ET INFO Cloned Impots Gouv FR Page - Possible Phishing
Landing (info.rules)
2027548 - ET INFO Cloned Godaddy Page - Possible Phishing Landing (info.rules)
2027549 - ET INFO Cloned Dropbox Page - Possible Phishing Landing (info.rules)
2027550 - ET INFO Cloned American Express Page - Possible Phishing
Landing (info.rules)
2027551 - ET INFO Cloned ABSA Bank Page - Possible Phishing Landing
(info.rules)
2027552 - ET INFO Cloned Match Dating Page - Possible Phishing
Landing (info.rules)
2027553 - ET INFO Cloned Telekom / Tmobile Page - Possible Phishing
Landing (info.rules)
2027554 - ET INFO Cloned South State Bank Page - Possible Phishing
Landing (info.rules)
2027555 - ET INFO Cloned Google Tools Page - Possible Phishing
Landing (info.rules)
2027556 - ET INFO Cloned Yahoo Page - Possible Phishing Landing (info.rules)
2027557 - ET INFO Cloned Discover Page - Possible Phishing Landing
(info.rules)
2027558 - ET INFO Cloned Linkedin Page - Possible Phishing Landing
(info.rules)
2027559 - ET INFO Cloned NAB Page - Possible Phishing Landing (info.rules)
2027560 - ET INFO Cloned Ziggo NL Page - Possible Phishing Landing
(info.rules)
2027562 - ET INFO Possible Phishing Landing - Zeus365 Encoding (info.rules)
2027899 - ET CURRENT_EVENTS Possible Phishing Landing Obfuscation
2016-03-17 (current_events.rules)
2030603 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M1 (current_events.rules)
2030604 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M2 (current_events.rules)
2030605 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M3 (current_events.rules)
2030606 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M4 (current_events.rules)
2030610 - ET CURRENT_EVENTS Possible Phishing Landing Captcha Check
(current_events.rules)
2030618 - ET CURRENT_EVENTS Possible Phishing Script Hosted on
000webhostapp (current_events.rules)
2030646 - ET CURRENT_EVENTS Possible Sucessful Generic Phish (set)
2020-08-04 (current_events.rules)
2030707 - ET INFO Possible Phishing - Form submitted to submit-form
Form Hosting (info.rules)
2030708 - ET INFO HTTP POST to .php on Appspot Hosting - Possible
Phishing (info.rules)
2030936 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M5 (current_events.rules)
2030937 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on
CodeSandbox.io M6 (current_events.rules)
2031166 - ET CURRENT_EVENTS Cloned IRS Page - Possible Phishing
Landing (current_events.rules)
2031189 - ET INFO HTTP POST to XYZ TLD Containing Pass - Possible
Phishing (info.rules)
2031238 - ET CURRENT_EVENTS Cloned Instagram Page - Possible
Phishing Landing M3 (current_events.rules)
2031492 - ET CURRENT_EVENTS Suspicious TikTok Domain Request -
Possible Phishing or Scam (current_events.rules)
2031523 - ET INFO Suspicious HTTP POST Only Containing Password -
Possible Phishing (info.rules)
2031524 - ET INFO Suspicious HTTP POST Only Containing Pass -
Possible Phishing (info.rules)
2031567 - ET WEB_CLIENT Suspicious Redirect - Possible Phishing May
25 2016 (web_client.rules)
2031741 - ET CURRENT_EVENTS Anonisma AES Crypto Observed in
Javascript - Possible Phishing Landing 2015-12-29
(current_events.rules)
2031785 - ET INFO Data Submitted to Weebly.com - Possible Phishing
(info.rules)
2031917 - ET INFO Suspicious Glitch Hosted GET Request - Possible
Phishing Landing (info.rules)
2031918 - ET INFO Suspicious Glitch Hosted DNS Request - Possible
Phishing Landing (info.rules)
2031919 - ET INFO Suspicious Glitch Hosted TLS SNI Request -
Possible Phishing Landing (info.rules)
2031955 - ET INFO Base64 Data URI Javascript Refresh - Possible
Phishing Landing (info.rules)
2031970 - ET CURRENT_EVENTS Possible Phishing Landing - Data URI
Inline Javascript 2016-02-09 (current_events.rules)
2032021 - ET WEB_CLIENT Possible Phishing Data Submitted to
yolasite.com (web_client.rules)
2032025 - ET INFO Data Submitted to MyFreeSites.com - Possible
Phishing (info.rules)
2032036 - ET WEB_CLIENT Suspicious Credential POST to FormBuddy.com
- Possible Phishing Aug 10 2016 (web_client.rules)
2032037 - ET CURRENT_EVENTS Possible Phishing Landing - Tectite Web
Form Abuse (current_events.rules)
2032038 - ET INFO Successful Tectite Web Form Submission - Possible
Phishing (info.rules)
2032046 - ET WEB_CLIENT Possible Phishing Data Submitted to
yolasite.com M2 (web_client.rules)
2032058 - ET INFO Suspicious Yahoo Page - Possible Phishing Landing
(info.rules)
2032069 - ET INFO Data Submitted to Webeden.co.uk - Possible
Phishing (info.rules)
2032070 - ET INFO Data Submitted to Weebly.com - Possible Phishing
(info.rules)
2032082 - ET INFO Possible Phishing Page - Page Saved with
SingleFile Extension (info.rules)
2032096 - ET INFO Possible Phishing Landing via MoonFruit.com (set)
(info.rules)
2032097 - ET INFO Possible Phishing Landing via MoonFruit.com M1
2016-01-22 (info.rules)
2032098 - ET INFO Possible Phishing Landing via MoonFruit.com M2
2016-01-22 (info.rules)
2032099 - ET INFO Possible Phishing Landing via MoonFruit.com M3
2016-01-22 (info.rules)
2032100 - ET INFO Possible Phishing Landing via Moonfruit M2
2016-01-26 (info.rules)
2032107 - ET INFO Suspicious Minimal HTTP Refresh to Googledrive.com
- Possible Phishing (info.rules)
2032125 - ET INFO Possible Phishing Landing via Moonfruit M1
2016-10-03 (info.rules)
2032126 - ET INFO Possible Phishing Landing via Moonfruit M2
2016-10-03 (info.rules)
2032372 - ET CURRENT_EVENTS Possible Phishing Landing Obfuscation
2016-02-26 (current_events.rules)
2032388 - ET WEB_CLIENT Suspicious Compound Refresh - Possible
Phishing Redirect 2016-06-09 (web_client.rules)
2032397 - ET INFO Data Submitted to ukit domain - Possible Phishing
M1 2016-06-29 (info.rules)
2032398 - ET INFO Data Submitted to ukit domain - Possible Phishing
M2 2016-06-29 (info.rules)
2032468 - ET INFO Killbot JS Configuration - Possible Phishing (info.rules)
2032510 - ET CURRENT_EVENTS Generic Hidden Text - Possible Phishing
Landing (current_events.rules)
2032758 - ET INFO Suspicious Netlify Hosted GET Request - Possible
Phishing Landing (info.rules)
2032759 - ET INFO Suspicious Netlify Hosted DNS Request - Possible
Phishing Landing (info.rules)
2032760 - ET INFO Suspicious Netlify Hosted TLS SNI Request -
Possible Phishing Landing (info.rules)
2033001 - ET CURRENT_EVENTS Possible Phishing Landing Page
2021-05-18 (current_events.rules)
2033048 - ET CURRENT_EVENTS Possible Phishing Landing Page
2021-05-24 (current_events.rules)
2033155 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-22 (current_events.rules)
2033187 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-24 (current_events.rules)
2033215 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-25 (current_events.rules)
2033216 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-29 (current_events.rules)
2033217 - ET CURRENT_EVENTS Observed Possible Phishing Landing Page
2021-06-29 (current_events.rules)
2033218 - ET CURRENT_EVENTS Observed Possible Phishing 2021-06-29
(current_events.rules)
2820835 - ETPRO INFO Suspicious Redirect to Recursive PHP - Possible
Phishing (info.rules)
2826655 - ETPRO CURRENT_EVENTS Successful Webhostapp Hosted Generic
Phish Jun 07 2017 (current_events.rules)
2834832 - ETPRO CURRENT_EVENTS Successful Personalized Generic Phish
2019-02-11 (current_events.rules)
2838401 - ETPRO INFO Generic Credit Card Information Observed -
Possible Phishing (info.rules)
2843273 - ETPRO CURRENT_EVENTS Succcesful Generic Phish 2020-06-30
(current_events.rules)
2843831 - ETPRO CURRENT_EVENTS Successful Justns.ru Hosted Generic
Phish 2020-08-05 (current_events.rules)
2843931 - ETPRO CURRENT_EVENTS Successful AWS Elasticbeanstalk
Hosted Generic Phish 2020-08-10 (current_events.rules)
2843932 - ETPRO CURRENT_EVENTS Possible Successful Appspot Hosted
Generic Phish 2020-08-10 (current_events.rules)
2843933 - ETPRO CURRENT_EVENTS Successful XSPH RU Hosted Generic
Phish 2020-08-05 (current_events.rules)
2843999 - ETPRO CURRENT_EVENTS Successful Dynamic DNS Hosted Generic
Phish 2020-08-13 (duckdns.org) (current_events.rules)
2844080 - ETPRO CURRENT_EVENTS Successful Zapto.org Hosted Generic
Phish 2020-08-19 (current_events.rules)
2844216 - ETPRO CURRENT_EVENTS Successful Dynamic DNS Hosted Generic
Phish 2020-08-31 (sytes.net) (current_events.rules)
2844661 - ETPRO CURRENT_EVENTS Successful Ht-test.ru Hosted Generic
Phish 2020-09-28 (current_events.rules)

[///] Modified inactive rules: [///]

2018853 - ET WEB_CLIENT Possible Phishing E-ZPass Email Toll
Notification July 30 2014 (web_client.rules)
2022905 - ET CURRENT_EVENTS Suspicious Hidden Javascript Redirect -
Possible Phishing Jun 17 (current_events.rules)
2022974 - ET CURRENT_EVENTS Suspicious SMTP Settings in XLS -
Possible Phishing Document (current_events.rules)
2027535 - ET INFO Cloned Cox Page - Possible Phishing Landing M2 (info.rules)
2033247 - ET POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcAddPrinterDriverEx with Possible UNC Path (policy.rules)
2814125 - ETPRO CURRENT_EVENTS Possible Phishing Landing Sept 28
(current_events.rules)
2815980 - ETPRO INFO Possible Phishing Landing via Moonfruit M1 Jan
26 2016 (info.rules)
2816598 - ETPRO CURRENT_EVENTS Possible Phishing Landing Obfuscation
Mar 9 (current_events.rules)
2820372 - ETPRO CURRENT_EVENTS Suspicious Domain - Possible Phishing
Redirect May 26 (current_events.rules)
2820816 - ETPRO INFO Data Submitted to my-free.website - Possible
Phishing (info.rules)
2849129 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcAddPrinterDriverEx (policy.rules)
2849173 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcAddPrinterDriver (policy.rules)
2849174 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcEnumPrinterDrivers (policy.rules)
2849175 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcGetPrinterDriver (policy.rules)
2849176 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcGetPrinterDriverDirectory (policy.rules)
2849177 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcDeletePrinterDriver (policy.rules)
2849178 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcGetPrinterDriver2 (policy.rules)
2849179 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcDeletePrinterDriverEx (policy.rules)
2849180 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcGetCorePrinterDrivers (policy.rules)
2849181 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity -
RpcGetPrinterDriverPackagePath (policy.rules)

[---] Disabled and modified rules: [---]

2849196 - ETPRO POLICY Inbound Batch Script Deleting IIS Log
Directory (policy.rules)
2849197 - ETPRO POLICY Inbound Batch Script Deleting Log Files (policy.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
