Ruleset Update Summary - 2026/06/23 - v11219

rulesbot · June 23, 2026, 8:52pm

Summary:

21 new OPEN, 28 new PRO (21 + 7)

Added rules:

Open:

2070034 - ET INFO Ethereum Contract Request, get() (info.rules)
2070035 - ET INFO Ethereum Contract Request, getURL() (info.rules)
2070036 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (WieseSpark .cyou) (malware.rules)
2070037 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (WieseSpark .cyou) in TLS SNI (malware.rules)
2070038 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (settlehillcanne .pw) (malware.rules)
2070039 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (settlehillcanne .pw) in TLS SNI (malware.rules)
2070040 - ET INFO Observed DNS Query to Automox RMM Console Domain (console .automox .com) (info.rules)
2070041 - ET INFO Observed Automox RMM Console Domain Domain (console .automox .com in TLS SNI) (info.rules)
2070042 - ET HUNTING Automox RMM Installer Downloaded From 3rd Party (hunting.rules)
2070043 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (consumer .fsia .net) (malware.rules)
2070044 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (consumer .fsia .net) (malware.rules)
2070045 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cobaltmeadow .top) (exploit_kit.rules)
2070046 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ibharcan .com) (exploit_kit.rules)
2070047 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ivorycourtyard .top) (exploit_kit.rules)
2070048 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cobaltmeadow .top) (exploit_kit.rules)
2070049 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ibharcan .com) (exploit_kit.rules)
2070050 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ivorycourtyard .top) (exploit_kit.rules)
2070051 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bartach .xyz) (exploit_kit.rules)
2070052 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (gileert .xyz) (exploit_kit.rules)
2070053 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (bartach .xyz) (exploit_kit.rules)
2070054 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (gileert .xyz) (exploit_kit.rules)

Pro:

2867761 - ETPRO MALWARE SecTopRAT Payload Request via EtherHiding (malware.rules)
2867762 - ETPRO MALWARE Observed DNS Query to TA569 SocGholish Domain (malware.rules)
2867763 - ETPRO MALWARE Observed TA569 SocGholish Domain in TLS SNI (malware.rules)
2867764 - ETPRO MALWARE Microsoft Teams Fake Updates Landing Page (malware.rules)
2867765 - ETPRO MALWARE Generic Fake Updates Landing Page (malware.rules)
2867766 - ETPRO EXPLOIT Ivanti Avalanche MuProperty Type 100 ParseToken DoS (CVE-2024-50320) (exploit.rules)
2867767 - ETPRO EXPLOIT Ivanti Avalanche MuProperty Type 101-102 Space-only Value DoS (CVE-2024-47007) (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/04/23 - v11178 Ruleset Updates	95	April 23, 2026
Ruleset Update Summary - 2024/06/10 - v10613 Ruleset Updates	180	June 10, 2024
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	262	June 3, 2024
Ruleset Update Summary - 2024/01/23 - v10512 Ruleset Updates	301	January 23, 2024
Ruleset Update Summary - 2024/12/27 - v10818 Ruleset Updates	97	December 27, 2024

Ruleset Update Summary - 2026/06/23 - v11219

Summary:

Added rules:

Open:

Pro:

Related topics