Summary:
9 new OPEN, 16 new PRO (9 + 7)
Added rules:
Open:
- 2069266 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .importersexportersltd .com) (malware.rules)
- 2069267 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .importersexportersltd .com) (malware.rules)
- 2069268 - ET INFO DYNAMIC_DNS Query to a *.sanibelislandfloridarealestate .com domain (info.rules)
- 2069269 - ET INFO DYNAMIC_DNS HTTP Request to a *.sanibelislandfloridarealestate .com domain (info.rules)
- 2069270 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jinga .locker) (malware.rules)
- 2069271 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jinga .locker) in TLS SNI (malware.rules)
- 2069272 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (maloneyr .cyou) (malware.rules)
- 2069273 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (maloneyr .cyou) in TLS SNI (malware.rules)
- 2069274 - ET EXPLOIT Rclone RC Set Options NoAuth Parameter Authentication Bypass Attempt (CVE-2026-41176) (exploit.rules)
Pro:
- 2867484 - ETPRO EXPLOIT Outlook Classic Use After Free Remote Code Execution Attempt M1 (CVE-2026-40361) (exploit.rules)
- 2867485 - ETPRO EXPLOIT Outlook Classic Use After Free Remote Code Execution Attempt M2 (CVE-2026-40361) (exploit.rules)
- 2867486 - ETPRO MALWARE DOILoader CnC Activity (User Fingerprinting) (malware.rules)
- 2867487 - ETPRO MALWARE DOILoader CnC Activity (Window Tracking) (malware.rules)
- 2867488 - ETPRO MALWARE DOILoader CnC Activity (PONG) (malware.rules)
- 2867489 - ETPRO MALWARE DOILoader CnC Activity (PING) (malware.rules)
- 2867490 - ETPRO EXPLOIT Rclone RC fsinfo Command Injection Attempt (CVE-2026-41179) (exploit.rules)
Modified inactive rules:
- 2069023 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (hegmaen .com) (exploit_kit.rules)
- 2069027 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (images .california-wealth .com) (malware.rules)