Ruleset Update Summary - 2026/06/01 - v11204

rulesbot · June 1, 2026, 8:50pm

Summary:

102 new OPEN, 130 new PRO (102 + 28)

Added rules:

Open:

2069481 - ET INFO DYNAMIC_DNS Query to a *.sos .al domain (info.rules)
2069482 - ET INFO DYNAMIC_DNS HTTP Request to a *.sos .al domain (info.rules)
2069483 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowfza .xyz) (malware.rules)
2069484 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crowfza .xyz) in TLS SNI (malware.rules)
2069485 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (marqueq .lol) (exploit_kit.rules)
2069486 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (marqueq .lol) (exploit_kit.rules)
2069487 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (order .stnicksxmaslighting .com) (malware.rules)
2069488 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (order .stnicksxmaslighting .com) (malware.rules)
2069489 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (alphanonega .org) (phishing.rules)
2069490 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (asteara .org) (phishing.rules)
2069491 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (careerpredictto .space) (phishing.rules)
2069492 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (careerpulsynk .xyz) (phishing.rules)
2069493 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (careertrixauvex .ink) (phishing.rules)
2069494 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (ceronet .work) (phishing.rules)
2069495 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (ceronetwork .org) (phishing.rules)
2069496 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (connectptogether .ink) (phishing.rules)
2069497 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (contactpredicttogether .ink) (phishing.rules)
2069498 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (contactpulsynk .ink) (phishing.rules)
2069499 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (contacttrixauvex .ink) (phishing.rules)
2069500 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (coslyintra .online) (phishing.rules)
2069501 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (cotrixauvex .ink) (phishing.rules)
2069502 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (culyrax .us) (phishing.rules)
2069503 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (deep-ai-guard .store) (phishing.rules)
2069504 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (domatisc .ink) (phishing.rules)
2069505 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (doxxela .ink) (phishing.rules)
2069506 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (elsavora .us) (phishing.rules)
2069507 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (empowerpharmacy .space) (phishing.rules)
2069508 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (hyperdevpipline .org) (phishing.rules)
2069509 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (mailpredicttogether .ink) (phishing.rules)
2069510 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (mailpulsynk .xyz) (phishing.rules)
2069511 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (mailtrixauvex .ink) (phishing.rules)
2069512 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (migadyn .info) (phishing.rules)
2069513 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (nemesistrade .work) (phishing.rules)
2069514 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (notifypulsynk .ink) (phishing.rules)
2069515 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (nowurisch .fit) (phishing.rules)
2069516 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (nxlog .tech) (phishing.rules)
2069517 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (ondofinance .tech) (phishing.rules)
2069518 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (onoplainai .ink) (phishing.rules)
2069519 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (onoplanoai .ink) (phishing.rules)
2069520 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (optixauvex .us) (phishing.rules)
2069521 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (predictcareertogether .space) (phishing.rules)
2069522 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (predicttocareer .space) (phishing.rules)
2069523 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (predicttogerecruit .store) (phishing.rules)
2069524 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (predicttogether .ink) (phishing.rules)
2069525 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (predicttogetherrecruit .store) (phishing.rules)
2069526 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (pulsynk .org) (phishing.rules)
2069527 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (raxvatange .ink) (phishing.rules)
2069528 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (recruitptogether .xyz) (phishing.rules)
2069529 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (recruitvex .us) (phishing.rules)
2069530 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (talentnexhr .ink) (phishing.rules)
2069531 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (teampulsynk .team) (phishing.rules)
2069532 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (togetherhire .fun) (phishing.rules)
2069533 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (trixauvex .org) (phishing.rules)
2069534 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (trixauvexnet .ink) (phishing.rules)
2069535 - ET PHISHING UNK_DeadDrop Domain in DNS Lookup (valorecuiting .online) (phishing.rules)
2069536 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (alphanonega .org) (phishing.rules)
2069537 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (asteara .org) (phishing.rules)
2069538 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (careerpredictto .space) (phishing.rules)
2069539 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (careerpulsynk .xyz) (phishing.rules)
2069540 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (careertrixauvex .ink) (phishing.rules)
2069541 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (ceronet .work) (phishing.rules)
2069542 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (ceronetwork .org) (phishing.rules)
2069543 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (connectptogether .ink) (phishing.rules)
2069544 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (contactpredicttogether .ink) (phishing.rules)
2069545 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (contactpulsynk .ink) (phishing.rules)
2069546 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (contacttrixauvex .ink) (phishing.rules)
2069547 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (coslyintra .online) (phishing.rules)
2069548 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (cotrixauvex .ink) (phishing.rules)
2069549 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (culyrax .us) (phishing.rules)
2069550 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (deep-ai-guard .store) (phishing.rules)
2069551 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (domatisc .ink) (phishing.rules)
2069552 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (doxxela .ink) (phishing.rules)
2069553 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (elsavora .us) (phishing.rules)
2069554 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (empowerpharmacy .space) (phishing.rules)
2069555 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (hyperdevpipline .org) (phishing.rules)
2069556 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (mailpredicttogether .ink) (phishing.rules)
2069557 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (mailpulsynk .xyz) (phishing.rules)
2069558 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (mailtrixauvex .ink) (phishing.rules)
2069559 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (migadyn .info) (phishing.rules)
2069560 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (nemesistrade .work) (phishing.rules)
2069561 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (notifypulsynk .ink) (phishing.rules)
2069562 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (nowurisch .fit) (phishing.rules)
2069563 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (nxlog .tech) (phishing.rules)
2069564 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (ondofinance .tech) (phishing.rules)
2069565 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (onoplainai .ink) (phishing.rules)
2069566 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (onoplanoai .ink) (phishing.rules)
2069567 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (optixauvex .us) (phishing.rules)
2069568 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (predictcareertogether .space) (phishing.rules)
2069569 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (predicttocareer .space) (phishing.rules)
2069570 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (predicttogerecruit .store) (phishing.rules)
2069571 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (predicttogether .ink) (phishing.rules)
2069572 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (predicttogetherrecruit .store) (phishing.rules)
2069573 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (pulsynk .org) (phishing.rules)
2069574 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (raxvatange .ink) (phishing.rules)
2069575 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (recruitptogether .xyz) (phishing.rules)
2069576 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (recruitvex .us) (phishing.rules)
2069577 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (talentnexhr .ink) (phishing.rules)
2069578 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (teampulsynk .team) (phishing.rules)
2069579 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (togetherhire .fun) (phishing.rules)
2069580 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (trixauvex .org) (phishing.rules)
2069581 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (trixauvexnet .ink) (phishing.rules)
2069582 - ET PHISHING UNK_DeadDrop Domain in TLS SNI (valorecuiting .online) (phishing.rules)

Pro:

2867593 - ETPRO PHISHING CoGUI Visitor Filter M1 2026-05-29 (phishing.rules)
2867594 - ETPRO PHISHING CoGUI Visitor Filter M2 2026-05-29 (phishing.rules)
2867595 - ETPRO PHISHING CoGUI Activity (Config Check) M1 2026-05-29 (phishing.rules)
2867596 - ETPRO PHISHING CoGUI Activity (Config Check) M2 2026-05-29 (phishing.rules)
2867597 - ETPRO PHISHING CoGUI Activity (Config Check) M3 2026-05-29 (phishing.rules)
2867598 - ETPRO PHISHING CoGUI Activity (Config Check) M4 2026-05-29 (phishing.rules)
2867599 - ETPRO PHISHING CoGUI Activity (Config Check) M5 2026-05-29 (phishing.rules)
2867600 - ETPRO PHISHING CoGUI Activity (Config Check) M6 2026-05-29 (phishing.rules)
2867601 - ETPRO PHISHING CoGUI Activity (Config Check) M7 2026-05-29 (phishing.rules)
2867602 - ETPRO PHISHING CoGUI Activity (Config Check) M8 2026-05-29 (phishing.rules)
2867603 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2867604 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2867605 - ETPRO EXPLOIT Microsoft Windows Netlogon BuildSamLogonResponse Stack Buffer Overflow (CVE-2026-41089) (exploit.rules)
2867606 - ETPRO MALWARE Observed DNS Query to player12 Domain (malware.rules)
2867607 - ETPRO MALWARE Observed DNS Query to player12 Domain (malware.rules)
2867608 - ETPRO MALWARE Observed player12 Domain in TLS SNI (malware.rules)
2867609 - ETPRO MALWARE Observed player12 Domain in TLS SNI (malware.rules)
2867610 - ETPRO MALWARE player12 CnC Victim Beacon (malware.rules)
2867611 - ETPRO MALWARE player12 CnC Victim Registration (malware.rules)
2867612 - ETPRO MALWARE player12 CnC Victim Poll (malware.rules)
2867613 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2867614 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2867615 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2867616 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2867617 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2867618 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2867619 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2867620 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

2069428 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lucidgardenhub .top) (exploit_kit.rules)
2069429 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (silentquarry .top) (exploit_kit.rules)
2069430 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (thunderplanethub .top) (exploit_kit.rules)
2069431 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bluecompass .top) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/07/29 - v10981 Ruleset Updates	93	July 29, 2025
Ruleset Update Summary - 2025/02/18 - v10861 Ruleset Updates	202	February 18, 2025
Ruleset Update Summary - 2025/06/30 - v10960 Ruleset Updates	82	June 30, 2025
Ruleset Update Summary - 2025/09/05 - v11009 Ruleset Updates	102	September 5, 2025
Ruleset Update Summary - 2024/01/18 - v10509 Ruleset Updates	554	January 18, 2024

Ruleset Update Summary - 2026/06/01 - v11204

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics