Ruleset Update Summary - 2026/06/02 - v11205

rulesbot · June 2, 2026, 8:45pm

Summary:

27 new OPEN, 30 new PRO (27 + 3)

Added rules:

Open:

2069583 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .aomeisoftware .com) (info.rules)
2069584 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .aomeisoftware .com) (info.rules)
2069585 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (getalphacontrol .com) (info.rules)
2069586 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (getalphacontrol .com) (info.rules)
2069587 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (atera-agent-heartbeat .servicebus .windows .net) (info.rules)
2069588 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (atera-agent-heartbeat .servicebus .windows .net) (info.rules)
2069589 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .baramundi .com) (info.rules)
2069590 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .baramundi .com) (info.rules)
2069591 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .beinsync .net) (info.rules)
2069592 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .beinsync .net) (info.rules)
2069593 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (content .sodakconcretecoatings .com) (malware.rules)
2069594 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (content .sodakconcretecoatings .com) (malware.rules)
2069595 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (glnason .lol) (exploit_kit.rules)
2069596 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (glnason .lol) (exploit_kit.rules)
2069597 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hardsmi .cyou) (malware.rules)
2069598 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hardsmi .cyou) in TLS SNI (malware.rules)
2069599 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (workableefferz .click) (malware.rules)
2069600 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (workableefferz .click) in TLS SNI (malware.rules)
2069601 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .beamyourscreen .com) (info.rules)
2069602 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .beamyourscreen .com) (info.rules)
2069603 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .bomgarcloud .com) (info.rules)
2069604 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .bomgarcloud .com) (info.rules)
2069605 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .beyondtrustcloud .com) (info.rules)
2069606 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .beyondtrustcloud .com) (info.rules)
2069607 - ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (* .bluetrait .io) (info.rules)
2069608 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (* .bluetrait .io) (info.rules)
2069609 - ET HUNTING MSI download request via curl (GET) (hunting.rules)

Pro:

2867621 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2867622 - ETPRO WEB_SPECIFIC_APPS Drupal Core DB Abstraction API SQL Injection (CVE-2026-9082) M3 (web_specific_apps.rules)
2867623 - ETPRO EXPLOIT Microsoft Windows Software Protection Platform EoP (CVE-2025-59199) (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/06/03 - v11206 Ruleset Updates	52	June 3, 2026
Ruleset Update Summary - 2026/02/09 - v11121 Ruleset Updates	77	February 9, 2026
Ruleset Update Summary - 2026/01/30 - v11115 Ruleset Updates	93	January 30, 2026
Ruleset Update Summary - 2026/03/05 - v11140 Ruleset Updates	75	March 5, 2026
Ruleset Update Summary - 2026/03/02 - v11137 Ruleset Updates	63	March 2, 2026

Ruleset Update Summary - 2026/06/02 - v11205

Summary:

Added rules:

Open:

Pro:

Related topics