[***] Summary: [***]
6 new OPEN, 11 new PRO (6 + 5). MalDoc Downloader, Remcos, Various
Phish, Others.
There will be no ruleset update tomorrow (2021-10-22) as this is a
Proofpoint holiday.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034232 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M1 (2021-10-21) (current_events.rules)
2034233 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M2 (2021-10-21) (current_events.rules)
2034234 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M3 (2021-10-21) (current_events.rules)
2034235 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M4 (2021-10-21) (current_events.rules)
2034236 - ET TROJAN Win32/Remcos RAT Checkin 756 (trojan.rules)
2034237 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish Domain (current_events.rules)
Pro:
2850262 - ETPRO TROJAN MSIL/GenKryptik.FMFN CnC Exfil (trojan.rules)
2850263 - ETPRO TROJAN MalDoc Downloader User-Agent (trojan.rules)
2850264 - ETPRO TROJAN MalDoc Downloader User-Agent (trojan.rules)
2850265 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-21 (current_events.rules)
2850266 - ETPRO TROJAN Suspicious Cookie [jOWL] (trojan.rules)
[---] Disabled and modified rules: [---]
2034189 - ET CURRENT_EVENTS Possible Generic Phishkit Landing Page M1 (current_events.rules)
[---] Removed rules: [---]
2850118 - ETPRO TROJAN Win32/Remcos RAT Checkin 756 (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team