Ruleset Update Summary - 2026/02/02 - v11116

Ruleset Updates
1

Summary:

36 new OPEN, 39 new PRO (36 + 3)

Added rules:

Open:

  • 2067230 - ET WEB_SPECIFIC_APPS Ivanti Endpoint Manager Mobile Unauthenticated Remote Code Execution (CVE-2026-1281 & CVE-2026-1340) (web_specific_apps.rules)
  • 2067231 - ET INFO DYNAMIC_DNS Query to a *.carrard .org domain (info.rules)
  • 2067232 - ET INFO DYNAMIC_DNS HTTP Request to a *.carrard .org domain (info.rules)
  • 2067233 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (caverncyom .live) (malware.rules)
  • 2067234 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (caverncyom .live) in TLS SNI (malware.rules)
  • 2067235 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tidy-celery .cyou) (malware.rules)
  • 2067236 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tidy-celery .cyou) in TLS SNI (malware.rules)
  • 2067237 - ET INFO DYNAMIC_DNS Query to a *.lang .hm domain (info.rules)
  • 2067238 - ET INFO DYNAMIC_DNS HTTP Request to a *.lang .hm domain (info.rules)
  • 2067239 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exchank .cyou) (malware.rules)
  • 2067240 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exchank .cyou) in TLS SNI (malware.rules)
  • 2067241 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tragedj .cyou) (malware.rules)
  • 2067242 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tragedj .cyou) in TLS SNI (malware.rules)
  • 2067243 - ET INFO Observed DNS Query to Clawdbot Domain (clawdbot .ai) (info.rules)
  • 2067244 - ET INFO Observed DNS Query to Clawdbot Domain (openclaw .ai) (info.rules)
  • 2067245 - ET INFO Observed Clawdbot Domain (clawdbot .ai in TLS SNI) (info.rules)
  • 2067246 - ET INFO Observed Clawdbot Domain (openclaw .ai in TLS SNI) (info.rules)
  • 2067247 - ET INFO Moltbook Domain (moltbook .com) in DNS Lookup (info.rules)
  • 2067248 - ET INFO Observed Moltbook Domain (moltbook .com) in TLS SNI (info.rules)
  • 2067249 - ET INFO Moltbook AI Agent Registration Attempt (info.rules)
  • 2067250 - ET INFO Moltbook skill.md request (info.rules)
  • 2067251 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (soulversr .com) (exploit_kit.rules)
  • 2067252 - ET EXPLOIT_KIT LandUpdate808 Domain (soulversr .com) in TLS SNI (exploit_kit.rules)
  • 2067253 - ET INFO Moltbook messaging.md request (info.rules)
  • 2067254 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dutchfj .cyou) (malware.rules)
  • 2067255 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dutchfj .cyou) in TLS SNI (malware.rules)
  • 2067256 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marktwx .cyou) (malware.rules)
  • 2067257 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marktwx .cyou) in TLS SNI (malware.rules)
  • 2067258 - ET INFO Moltbook heartbeat.md request (info.rules)
  • 2067259 - ET INFO Moltbook skill.json request (info.rules)
  • 2067260 - ET INFO GET Request to Clawdbot Installer (info.rules)
  • 2067261 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tiapolif .com) (exploit_kit.rules)
  • 2067262 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tiapolif .com) (exploit_kit.rules)
  • 2067263 - ET MALWARE Chrysalis Backdoor CnC Domain in DNS Lookup (skycloudcenter .com) (malware.rules)
  • 2067264 - ET MALWARE Chrysalis Backdoor CnC Domain in TLS SNI (skycloudcenter .com) (malware.rules)
  • 2067265 - ET MALWARE Chrysalis Backdoor CnC Checkin (malware.rules)

Pro:

  • 2865858 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2865859 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865860 - ETPRO MALWARE Win32/Stitcher CnC Data Exfil (PST) (malware.rules)