Ruleset Update Summary - 2026/06/25 - v11221

Ruleset Updates
1

Summary:

9 new OPEN, 22 new PRO (9 + 13)

Added rules:

Open:

  • 2070061 - ET WEB_SPECIFIC_APPS Langflow File Upload Directory Traversal/Remote Code Execution Attempt (CVE-2026-5027) (web_specific_apps.rules)
  • 2070062 - ET HUNTING CoGUI Fingerprint Activity (hunting.rules)
  • 2070063 - ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager Arbitrary File Write/Remote Code Execution Attempt (CVE-2026-20230) (web_specific_apps.rules)
  • 2070064 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (dl .roofreach-ai .com) (malware.rules)
  • 2070065 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (ex-web .viottoenterprises .com) (malware.rules)
  • 2070066 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (dl .roofreach-ai .com) (malware.rules)
  • 2070067 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (ex-web .viottoenterprises .com) (malware.rules)
  • 2070068 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (moielli .xyz) (exploit_kit.rules)
  • 2070069 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (moielli .xyz) (exploit_kit.rules)

Pro:

  • 2867793 - ETPRO PHISHING Generic Phish Landing Page M1 2026-06-24 (phishing.rules)
  • 2867794 - ETPRO PHISHING Successful Generic Credential Phish Exfil M1 2026-06-24 (phishing.rules)
  • 2867795 - ETPRO PHISHING Generic Phish Landing Page M2 2026-06-24 (phishing.rules)
  • 2867796 - ETPRO PHISHING Successful Generic Credential Phish Exfil M2 2026-06-24 (phishing.rules)
  • 2867797 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2867798 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2867799 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2867800 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2867801 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2867802 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2867803 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2867804 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2867805 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)