Talos Rules 2020-04-21
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-other, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:


 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (snort3-malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (snort3-malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (snort3-malware-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (snort3-malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (snort3-malware-other.rules)
 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (snort3-malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (snort3-malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (snort3-malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (snort3-malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (snort3-malware-other.rules)
 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (snort3-file-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (snort3-malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (snort3-malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (snort3-malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (snort3-malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (snort3-malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (snort3-malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (snort3-malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (snort3-malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (snort3-malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (snort3-malware-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (snort3-file-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (snort3-malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (snort3-malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (snort3-malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (snort3-malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (snort3-malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (snort3-malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (snort3-malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (snort3-malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (snort3-malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (snort3-malware-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (snort3-malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (snort3-server-other.rules)
 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (snort3-server-other.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (snort3-server-webapp.rules)

2020-04-21 12:16:23 UTC

Snort Subscriber Rules Update

Date: 2020-04-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules)
 * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules)
 * 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules)
 * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules)
 * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules)
 * 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
 * 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
 * 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
 * 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
 * 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
 * 1:53705 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules)
 * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules)
 * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules)
 * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules)
 * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules)
 * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules)
 * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules)
 * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
 * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
 * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)

Modified Rules:


 * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules)
 * 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
 * 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)