Summary:
9 new OPEN, 19 new PRO (9 + 10)
Added rules:
Open:
- 2068808 - ET INFO DYNAMIC_DNS Query to a *.fiedleracres .com domain (info.rules)
- 2068809 - ET INFO DYNAMIC_DNS HTTP Request to a *.fiedleracres .com domain (info.rules)
- 2068810 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cankgmr .cyou) (malware.rules)
- 2068811 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cankgmr .cyou) in TLS SNI (malware.rules)
- 2068812 - ET INFO Traffic Flooding To Evade Detection (mercadolibre .com) (info.rules)
- 2068813 - ET PHISHING Wahala Microsoft OAuth Device Code Landing Page 2026-04-16 (phishing.rules)
- 2068814 - ET PHISHING Successful Wahala Microsoft OAuth Device Code Attack, Polling for User Validated Tokens (phishing.rules)
- 2068815 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (store .adriennerichardson .com) (malware.rules)
- 2068816 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (store .adriennerichardson .com) (malware.rules)
Pro:
- 2867084 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2867085 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867086 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2867087 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2867088 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2867089 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2867090 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2867091 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2867092 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2867093 - ETPRO MALWARE TA2527 Related CnC Beacon (POST) (malware.rules)
Disabled and modified rules:
- 2867033 - ETPRO HUNTING PDF JS-embedded contains JSF*ck Obfuscated Code (hunting.rules)