Ruleset Update Summary - 2026/06/30 - v11224

Summary:

15 new OPEN, 30 new PRO (15 + 15)

There will be no release Friday July 3rd.


Added rules:

Open:

  • 2070110 - ET INFO Observed DNS Query to FingerprintJS Domain (fpjscdn .net) (info.rules)
  • 2070111 - ET INFO Observed FingerprintJS Domain (fpjscdn .net in TLS SNI) (info.rules)
  • 2070112 - ET WEB_SPECIFIC_APPS [aretiq.ai] Apache OFBiz requirePasswordChange GroovyScript Authentication Bypass and Command Execution Attempt (CVE-2026-45434) (web_specific_apps.rules)
  • 2070113 - ET WEB_SPECIFIC_APPS [aretiq.ai] Apache OFBiz Program Export GroovyScript OS Command Exeuction Attempt (web_specific_apps.rules)
  • 2070114 - ET WEB_SPECIFIC_APPS [aretiq.ai] Apache OFBiz requirePasswordChange Authentication Bypass Attempt (web_specific_apps.rules)
  • 2070115 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (riviere .sbs) (exploit_kit.rules)
  • 2070116 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (riviere .sbs) (exploit_kit.rules)
  • 2070117 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coralwayfinder .top) (exploit_kit.rules)
  • 2070118 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coralwayfinder .top) (exploit_kit.rules)
  • 2070119 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (api-v2 .golfsignpro .com) (malware.rules)
  • 2070120 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (api-v2 .golfsignpro .com) (malware.rules)
  • 2070121 - ET INFO DYNAMIC_DNS Query to a *.joeseitz .com domain (info.rules)
  • 2070122 - ET INFO DYNAMIC_DNS HTTP Request to a *.joeseitz .com domain (info.rules)
  • 2070123 - ET INFO DYNAMIC_DNS Query to a *.kandla .com domain (info.rules)
  • 2070124 - ET INFO DYNAMIC_DNS HTTP Request to a *.kandla .com domain (info.rules)

Pro:

  • 2867860 - ETPRO WEB_SPECIFIC_APPS Microsoft Office SharePoint Remote Code Execution (CVE-2026-33112) (web_specific_apps.rules)
  • 2867861 - ETPRO PHISHING Jalisco Device Code Phish Domain in DNS Lookup (levaquin2us .top) (phishing.rules)
  • 2867862 - ETPRO PHISHING Jalisco Device Code Phish Domain in DNS Lookup (sessionopen0 .site) (phishing.rules)
  • 2867863 - ETPRO PHISHING Jalisco Device Code Phish Domain in DNS Lookup (authplanned .online) (phishing.rules)
  • 2867864 - ETPRO PHISHING Jalisco Device Code Phish Domain in DNS Lookup (grantfundingapplications .com) (phishing.rules)
  • 2867865 - ETPRO PHISHING Jalisco Device Code Phish Domain in TLS SNI (levaquin2us .top) (phishing.rules)
  • 2867866 - ETPRO PHISHING Jalisco Device Code Phish Domain in TLS SNI (sessionopen0 .site) (phishing.rules)
  • 2867867 - ETPRO PHISHING Jalisco Device Code Phish Domain in TLS SNI (authplanned .online) (phishing.rules)
  • 2867868 - ETPRO PHISHING Jalisco Device Code Phish Domain in TLS SNI (grantfundingapplications .com) (phishing.rules)
  • 2867869 - ETPRO PHISHING Jalisco Device Code Phish Landing Page M1 2026-06-30 (phishing.rules)
  • 2867870 - ETPRO PHISHING Jalisco Device Code Phish Landing Page M2 2026-06-30 (phishing.rules)
  • 2867871 - ETPRO PHISHING Jalisco Device Code Phish Landing Page M3 2026-06-30 (phishing.rules)
  • 2867872 - ETPRO PHISHING Jalisco Device Code Phish Registration 2026-06-30 (phishing.rules)
  • 2867873 - ETPRO MALWARE ReverseLoader CnC Domain in DNS Lookup (malware.rules)
  • 2867874 - ETPRO MALWARE ReverseLoader CnC Domain in TLS SNI (malware.rules)