Ruleset Update Summary - 2026/02/05 - v11119

Ruleset Updates
1

Summary:

24 new OPEN, 25 new PRO (24 + 1)

Added rules:

Open:

  • 2067327 - ET PHISHING CoGUI 404 Response 2026-02-04 (phishing.rules)
  • 2067328 - ET PHISHING CoGUI Response Page 2026-02-04 (phishing.rules)
  • 2067329 - ET INFO DYNAMIC_DNS Query to a *.rinet .ai domain (info.rules)
  • 2067330 - ET INFO DYNAMIC_DNS HTTP Request to a *.rinet .ai domain (info.rules)
  • 2067331 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (weibast .com) (exploit_kit.rules)
  • 2067332 - ET EXPLOIT_KIT LandUpdate808 Domain (weibast .com) in TLS SNI (exploit_kit.rules)
  • 2067333 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (troyouc .cyou) (malware.rules)
  • 2067334 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (troyouc .cyou) in TLS SNI (malware.rules)
  • 2067335 - ET MALWARE DesckVB RAT CnC Checkin (malware.rules)
  • 2067336 - ET MALWARE DesckVB RAT RunBlugin Response from CnC (malware.rules)
  • 2067337 - ET PHISHING Generic Crypto Phish Landing Page M1 2026-02-05 (phishing.rules)
  • 2067338 - ET PHISHING Generic Crypto Phish Landing Page M2 2026-02-05 (phishing.rules)
  • 2067339 - ET MALWARE DesckVB RAT DetectaAV Checkin (malware.rules)
  • 2067340 - ET MALWARE DesckVB RAT Ping Checkin (malware.rules)
  • 2067341 - ET MALWARE DesckVB RAT BlugPass Checkin (malware.rules)
  • 2067342 - ET PHISHING Successful Generic Crypto Phish Exfil M1 2026-02-05 (phishing.rules)
  • 2067343 - ET MALWARE DesckVB RAT BlugPass Checkin - Webcam Enumeration (malware.rules)
  • 2067344 - ET PHISHING Successful Generic Crypto Phish Exfil M2 2026-02-05 (phishing.rules)
  • 2067345 - ET MALWARE DesckVB RAT D ping request/response (malware.rules)
  • 2067346 - ET WEB_SPECIFIC_APPS Arista runTroubleshooting HOST Parameter Command Injection Attempt (CVE-2025-6978) (web_specific_apps.rules)
  • 2067347 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (madridherb .com) (exploit_kit.rules)
  • 2067348 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (madridherb .com) (exploit_kit.rules)
  • 2067349 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (app .envisionoptical .com) (malware.rules)
  • 2067350 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (app .envisionoptical .com) (malware.rules)

Pro:

  • 2865922 - ETPRO WEB_SPECIFIC_APPS Apache bRPC profiling Unauthenticated Remote Code Execution (CVE-2025-60021) (web_specific_apps.rules)