[***] Summary: [***]

5 new OPEN, 16 new PRO (5 + 11). Lazarus APT, Various Phishkit, Raccoon Stealer.

Thanks: @ShadowChasing1, @JCyberSec_

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034187 - ET TROJAN Suspected Lazarus APT Related Activity (GET) (trojan.rules)

2034188 - ET CURRENT_EVENTS Generic Phishkit Activity (GET) (current_events.rules)

2034189 - ET CURRENT_EVENTS Generic Phishkit Landing Page M1 (current_events.rules)

2034190 - ET CURRENT_EVENTS Generic Phishkit Landing Page M2 (current_events.rules)

2034191 - ET CURRENT_EVENTS Generic Phishkit Landing Page M3 (current_events.rules)

Pro:

2850190 - ETPRO CURRENT_EVENTS Generic Phishkit Activity (POST) M1 (current_events.rules)

2850191 - ETPRO TROJAN Win32.Raccoon Stealer Checkin Response M3 (trojan.rules)

2850192 - ETPRO INFO Observed Honeypot Validation M1 (info.rules)

2850193 - ETPRO INFO Observed Honeypot Validation M2 (info.rules)

2850194 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M4 (trojan.rules)

2850195 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telemirror .top) (trojan.rules)

2850196 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (tgmirror .top) (trojan.rules)

2850197 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telegatt .top) (trojan.rules)

2850198 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telegka .top) (trojan.rules)

2850199 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telegin .top) (trojan.rules)

2850200 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (t .me) (trojan.rules)

[///] Modified active rules: [///]

2845585 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telete .in) (trojan.rules)

2849100 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (tttttt .me) (trojan.rules)
