Daily Ruleset Update Summary 2021/10/21

Daily Ruleset Update Summary

[***] Summary: [***]

6 new OPEN, 11 new PRO (6 + 5). MalDoc Downloader, Remcos, Various
Phish, Others.

There will be no ruleset update tomorrow (2021-10-22) as this is a
Proofpoint holiday.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034232 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M1
(2021-10-21) (current_events.rules)
2034233 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M2
(2021-10-21) (current_events.rules)
2034234 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M3
(2021-10-21) (current_events.rules)
2034235 - ET CURRENT_EVENTS Covid19 Stimulus Payment Phish Inbound M4
(2021-10-21) (current_events.rules)
2034236 - ET TROJAN Win32/Remcos RAT Checkin 756 (trojan.rules)
2034237 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)

Pro:

2850262 - ETPRO TROJAN MSIL/GenKryptik.FMFN CnC Exfil (trojan.rules)
2850263 - ETPRO TROJAN MalDoc Downloader User-Agent (trojan.rules)
2850264 - ETPRO TROJAN MalDoc Downloader User-Agent (trojan.rules)
2850265 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-21
(current_events.rules)
2850266 - ETPRO TROJAN Suspicious Cookie [jOWL] (trojan.rules)

[---] Disabled and modified rules: [---]

2034189 - ET CURRENT_EVENTS Possible Generic Phishkit Landing Page M1
(current_events.rules)

[---] Removed rules: [---]

2850118 - ETPRO TROJAN Win32/Remcos RAT Checkin 756 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:

Thursday, October 21, 2021

Summary title:

6 new OPEN, 11 new PRO (6 + 5). MalDoc Downloader, Remcos, Various Phish, Others.