Summary:
26 new OPEN, 39 new PRO (26 + 13)
Added rules:
Open:
- 2067266 - ET WEB_SPECIFIC_APPS SmarterTools SmarterMail ConnectToHub Unauthenticated Remote Code Execution (CVE-2026-24423) (web_specific_apps.rules)
- 2067267 - ET MALWARE PulsarRAT CnC Traffic Observed (malware.rules)
- 2067268 - ET INFO DYNAMIC_DNS Query to a *.dinprima .ro domain (info.rules)
- 2067269 - ET INFO DYNAMIC_DNS HTTP Request to a *.dinprima .ro domain (info.rules)
- 2067270 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (monseftq .com) (exploit_kit.rules)
- 2067271 - ET EXPLOIT_KIT LandUpdate808 Domain (monseftq .com) in TLS SNI (exploit_kit.rules)
- 2067272 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scarfkn .cyou) (malware.rules)
- 2067273 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scarfkn .cyou) in TLS SNI (malware.rules)
- 2067274 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trainen .cyou) (malware.rules)
- 2067275 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trainen .cyou) in TLS SNI (malware.rules)
- 2067276 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (veinyjsuwk .site) (malware.rules)
- 2067277 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (veinyjsuwk .site) in TLS SNI (malware.rules)
- 2067278 - ET WEB_SPECIFIC_APPS FreePBX SSH testconnection Multiple Parameters Command Injection Attempt (CVE-2025-64328) (web_specific_apps.rules)
- 2067279 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (safe-dns .it .com) (malware.rules)
- 2067280 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (self-dns .it .com) (malware.rules)
- 2067281 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (cdncheck .it .com) (malware.rules)
- 2067282 - ET MALWARE Cobalt Strike Related Domain in TLS SNI (safe-dns .it .com) (malware.rules)
- 2067283 - ET MALWARE Cobalt Strike Related Domain in TLS SNI (self-dns .it .com) (malware.rules)
- 2067284 - ET MALWARE Cobalt Strike Related Domain in TLS SNI (cdncheck .it .com) (malware.rules)
- 2067285 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (payinty .com) (exploit_kit.rules)
- 2067286 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (payinty .com) (exploit_kit.rules)
- 2067287 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (plesk .cheriwildes .com) (malware.rules)
- 2067288 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (my .mikalprice .com) (malware.rules)
- 2067289 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (plesk .cheriwildes .com) (malware.rules)
- 2067290 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (my .mikalprice .com) (malware.rules)
- 2067291 - ET MALWARE Observed ClickFix Landing Page (malware.rules)
Pro:
- 2865861 - ETPRO ATTACK_RESPONSE Observed TA397 ClickFix Landing Page (attack_response.rules)
- 2865862 - ETPRO ATTACK_RESPONSE Observed TA397 ClickFix Landing Page (attack_response.rules)
- 2865863 - ETPRO ATTACK_RESPONSE TA397 CnC Activity (POST) (attack_response.rules)
- 2865864 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2865865 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2865866 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2865867 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2865868 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2865869 - ETPRO MALWARE TA397 CnC Activity (GET) (malware.rules)
- 2865870 - ETPRO MALWARE Observed DNS Query to TA397 Domain (malware.rules)
- 2865871 - ETPRO MALWARE Observed TA397 Domain in TLS SNI (malware.rules)
- 2865872 - ETPRO EXPLOIT OpenSSL CMS AuthEnvelopedData AEAD IV Stack Overflow (CVE-2025-15467) M1 (exploit.rules)
- 2865873 - ETPRO EXPLOIT OpenSSL CMS AuthEnvelopedData AEAD IV Stack Overflow (CVE-2025-15467) M2 (exploit.rules)