Summary:
14 new OPEN, 16 new PRO (14 + 2)
Added rules:
Open:
- 2071214 - ET WEB_SPECIFIC_APPS Sonicwall SMA1000 AMC Authenticated Path Traversal (CVE-2026-15410) (web_specific_apps.rules)
- 2071215 - ET WEB_SPECIFIC_APPS Splunk Cloud & Enterprise edit_user Capability Privilege Escalation (CVE-2023-32707) (web_specific_apps.rules)
- 2071216 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (monteiro .click) (exploit_kit.rules)
- 2071217 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (oosterhout .click) (exploit_kit.rules)
- 2071218 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (monteiro .click) (exploit_kit.rules)
- 2071219 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (oosterhout .click) (exploit_kit.rules)
- 2071220 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (up-to-date .paquetesparaorlando .com) (malware.rules)
- 2071221 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (up-to-date .paquetesparaorlando .com) (malware.rules)
- 2071222 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mv2group .com) (exploit_kit.rules)
- 2071223 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mv2group .com) (exploit_kit.rules)
- 2071224 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (agentreportingstore .blob .core .windows .net) (info.rules)
- 2071225 - ET INFO Observed Remote Monitoring and Management (RMM) Tool in TLS SNI (agentreportingstore .blob .core .windows .net) (info.rules)
- 2071226 - ET INFO Observed Remote Monitoring and Management (RMM) Tool in DNS Lookup (packagesstore .blob .core .windows .net) (info.rules)
- 2071227 - ET INFO Observed Remote Monitoring and Management (RMM) Tool in TLS SNI (packagesstore .blob .core .windows .net) (info.rules)
Pro:
- 2868017 - ETPRO WEB_SPECIFIC_APPS Citrix Netscaler Memory Overread (CVE-2026-8451) (web_specific_apps.rules)
- 2868018 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)