Summary:
9 new OPEN, 10 new PRO (9 + 1)
Thanks @h2jazi
Added rules:
Open:
- 2067940 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ridobad .cyou) (malware.rules)
- 2067941 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ridobad .cyou) in TLS SNI (malware.rules)
- 2067942 - ET MALWARE Observed DNS Query to TrustConnect RAT Domain (beyondset .top) (malware.rules)
- 2067943 - ET MALWARE Observed TrustConnect Domain RAT (beyondset .top in TLS SNI) (malware.rules)
- 2067944 - ET MALWARE Observed ClickFix Landing Page (malware.rules)
- 2067945 - ET MALWARE Observed ClickFix Landing Page (malware.rules)
- 2067946 - ET MALWARE Observed ClickFix Landing Page (malware.rules)
- 2067947 - ET MALWARE Observed ClickFix Landing Page (malware.rules)
- 2067948 - ET MALWARE Observed TrustConnect RAT Landing Page (malware.rules)
Pro:
- 2866392 - ETPRO WEB_SERVER Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127) (web_server.rules)