[***] Summary: [***]
2 new OPEN, 10 new PRO (2 + 8) SocGholish, Remcos RAT, Suspicious UA, Various Phish
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039584 - ET INFO Observed DNS Query to Filesharing Service (mega .co .nz) (info.rules)
2039585 - ET MALWARE SocGholish Domain in DNS Lookup (shipwrecks .ggentile .com) (malware.rules)
Pro:
2852668 - ETPRO MALWARE Win32/Remcos RAT Checkin 847 (malware.rules)
2852669 - ETPRO INFO Geodirecting Service Domain in DNS Lookup (gtly .to) (info.rules)
2852671 - ETPRO PHISHING Successful Generic Phish 2022-10-27 (phishing.rules)
2852672 - ETPRO PHISHING Successful Generic Phish 2022-10-27 (phishing.rules)
2852673 - ETPRO PHISHING Successful Generic Phish 2022-10-27 (phishing.rules)
2852674 - ETPRO USER_AGENTS Observed Suspicious UA (Mazilla) (user_agents.rules)
[///] Modified active rules: [///]
2037876 - ET PHISHING America First CU Successful Phish 2022-10-27 (phishing.rules)
2037877 - ET PHISHING America First CU Account Recovery 2022-10-27 (phishing.rules)