Summary:
13 new OPEN, 23 new PRO (13 + 10)
Added rules:
Open:
- 2071132 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (carreiro .lol) (exploit_kit.rules)
- 2071133 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (henreques .lol) (exploit_kit.rules)
- 2071134 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (carreiro .lol) (exploit_kit.rules)
- 2071135 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (henreques .lol) (exploit_kit.rules)
- 2071136 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (client-side .cellustrong .com) (malware.rules)
- 2071137 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (client-side .cellustrong .com) (malware.rules)
- 2071138 - ET WEB_SPECIFIC_APPS Gitea API Authentication Bypass (CVE-2026-20896) (web_specific_apps.rules)
- 2071139 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bittercoldzzdwu .shop) (malware.rules)
- 2071140 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bittercoldzzdwu .shop) in TLS SNI (malware.rules)
- 2071141 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conferenctdressingshrw .site) (malware.rules)
- 2071142 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (conferenctdressingshrw .site) in TLS SNI (malware.rules)
- 2071143 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (teachherwjw .shop) (malware.rules)
- 2071144 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (teachherwjw .shop) in TLS SNI (malware.rules)
Pro:
- 2867935 - ETPRO WEB_SPECIFIC_APPS OPNsense Secrets Disclosure via XPATH Injection (CVE-2026-53582) (web_specific_apps.rules)
- 2867936 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2867937 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867938 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2867939 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2867940 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2867941 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2867942 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2867943 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2867944 - ETPRO WEB_SPECIFIC_APPS Microsoft SharePoint Taxonomy SQLi (CVE-2026-26114) (web_specific_apps.rules)
Modified inactive rules:
- 2867923 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)