Ruleset Update Summary - 2026/06/24 - v11220

rulesbot · June 24, 2026, 8:50pm

Summary:

6 new OPEN, 31 new PRO (6 + 25)

Added rules:

Open:

2070055 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (uolguin .cfd) (exploit_kit.rules)
2070056 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ledesla .cfd) (exploit_kit.rules)
2070057 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (uolguin .cfd) (exploit_kit.rules)
2070058 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ledesla .cfd) (exploit_kit.rules)
2070059 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coralwayfinder .top) (exploit_kit.rules)
2070060 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coralwayfinder .top) (exploit_kit.rules)

Pro:

2867768 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2867769 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2867770 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2867771 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2867772 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2867773 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2867774 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2867775 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2867776 - ETPRO PHISHING Request to Fake Calendly Meeting Landing Page (phishing.rules)
2867777 - ETPRO PHISHING TA2730 Site Config Request (phishing.rules)
2867778 - ETPRO PHISHING Fake Calendly Meeting Landing Page (phishing.rules)
2867779 - ETPRO PHISHING Observed DNS Query to Device Code Phishing Domain (phishing.rules)
2867780 - ETPRO PHISHING Observed DNS Query to Device Code Phishing Domain (phishing.rules)
2867781 - ETPRO PHISHING Observed DNS Query to Device Code Phishing Domain (phishing.rules)
2867782 - ETPRO PHISHING Observed DNS Query to Device Code Phishing Domain (phishing.rules)
2867783 - ETPRO PHISHING Observed DNS Query to Device Code Phishing Domain (phishing.rules)
2867784 - ETPRO PHISHING Observed Device Code Phishing Domain Domain in TLS SNI (phishing.rules)
2867785 - ETPRO PHISHING Observed Device Code Phishing Domain Domain in TLS SNI (phishing.rules)
2867786 - ETPRO PHISHING Observed Device Code Phishing Domain Domain in TLS SNI (phishing.rules)
2867787 - ETPRO PHISHING Observed Device Code Phishing Domain Domain in TLS SNI (phishing.rules)
2867788 - ETPRO PHISHING Observed Device Code Phishing Domain Domain in TLS SNI (phishing.rules)
2867789 - ETPRO PHISHING Observed DNS Query to Fake Calendly Credential Theft Landing Page Domain (phishing.rules)
2867790 - ETPRO PHISHING Observed DNS Query to Fake Calendly Credential Theft Landing Page Domain (phishing.rules)
2867791 - ETPRO PHISHING Observed Fake Calendly Credential Theft Landing Page Domain in TLS SNI (phishing.rules)
2867792 - ETPRO PHISHING Observed Fake Calendly Credential Theft Landing Page Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/04/23 - v11178 Ruleset Updates	95	April 23, 2026
Ruleset Update Summary - 2024/12/27 - v10818 Ruleset Updates	97	December 27, 2024
Ruleset Update Summary - 2026/05/26 - v11200 Ruleset Updates	72	May 26, 2026
Ruleset Update Summary - 2025/12/22 - v11088 Ruleset Updates	158	December 22, 2025
Ruleset Update Summary - 2024/06/04 - v10609 Ruleset Updates	178	June 4, 2024

Ruleset Update Summary - 2026/06/24 - v11220

Summary:

Added rules:

Open:

Pro:

Related topics