Talos has added and modified multiple rules in the file-identify, file-image, file-office, file-pdf, indicator-obfuscation, malware-cnc, malware-other, os-windows, policy-other, protocol-other, protocol-rpc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules) * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)

* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (snort3-malware-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (snort3-server-webapp.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (snort3-malware-other.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (snort3-malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (snort3-malware-other.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (snort3-malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (snort3-malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (snort3-indicator-obfuscation.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (snort3-malware-other.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (snort3-malware-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (snort3-policy-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (snort3-malware-cnc.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (snort3-malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (snort3-malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (snort3-malware-other.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (snort3-indicator-obfuscation.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (snort3-policy-other.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (snort3-malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (snort3-malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (snort3-malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (snort3-malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (snort3-malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (snort3-malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (snort3-malware-other.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (snort3-malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (snort3-malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (snort3-malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (snort3-malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (snort3-malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (snort3-malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (snort3-malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (snort3-malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (snort3-malware-other.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (snort3-malware-other.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (snort3-server-webapp.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (snort3-malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (snort3-malware-other.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (snort3-file-image.rules)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (snort3-file-image.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (snort3-protocol-other.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (snort3-malware-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (snort3-policy-other.rules)
* 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (snort3-protocol-other.rules)

* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (snort3-policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (snort3-server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (snort3-protocol-rpc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
* 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
* 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
* 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
* 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
* 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
* 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
* 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
* 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
* 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
* 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
* 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
* 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
* 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
* 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
* 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
* 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
* 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
* 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
* 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
* 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
* 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
* 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
* 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
* 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
* 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
* 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
* 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
* 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
* 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
* 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
* 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
* 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
* 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
* 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
* 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
* 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)

* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)