Ruleset Update Summary - 2026/05/21 - v11198

rulesbot · May 21, 2026, 8:50pm

Summary:

4 new OPEN, 12 new PRO (4 + 8)

2069384 - ET PHISHING Operation HookedWing Landing Page Observed (phishing.rules)
2069385 - ET PHISHING Operation HookedWing Form Injection Payload Request (phishing.rules)
2069386 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pantofr .cyou) (malware.rules)
2069387 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pantofr .cyou) in TLS SNI (malware.rules)

2867545 - ETPRO WEB_SPECIFIC_APPS Atlassian Jira SetupLicense Reflected Cross-Site Scripting (web_specific_apps.rules)
2867547 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2867548 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2867549 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2867550 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2867551 - ETPRO MALWARE Observed DNS Query to UNK_SteadySplit Domain (malware.rules)
2867552 - ETPRO MALWARE Observed UNK_SteadySplit Domain in TLS SNI (malware.rules)
2867553 - ETPRO MALWARE PropSocket CnC Activity (GET) (malware.rules)

2031189 - ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/12 - v10616 Ruleset Updates	528	June 12, 2024
Ruleset Update Summary - 2024/11/07 - v10737 Ruleset Updates	129	November 7, 2024
Ruleset Update Summary - 2025/02/19 - v10862 Ruleset Updates	113	February 19, 2025
Ruleset Update Summary - 2023/12/26 - v10493 Ruleset Updates	364	December 26, 2023
Ruleset Update Summary - 2026/03/27 - v11159 Ruleset Updates	79	March 27, 2026