Talos has added and modified multiple rules in the browser-chrome, browser-other, file-other, indicator-shellcode, malware-cnc, malware-other and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (snort3-malware-cnc.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (snort3-server-oracle.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (snort3-malware-cnc.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (snort3-malware-other.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (snort3-malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (snort3-malware-other.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (snort3-malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (snort3-malware-other.rules)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (snort3-malware-other.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (snort3-browser-chrome.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (snort3-malware-other.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (snort3-malware-other.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (snort3-browser-chrome.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (snort3-malware-other.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (snort3-browser-chrome.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (snort3-malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (snort3-malware-other.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (snort3-malware-other.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (snort3-browser-chrome.rules)

* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (snort3-indicator-shellcode.rules)
* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (snort3-indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (snort3-indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules)
* 1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules)
* 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules)
* 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules)
* 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules)
* 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules)
* 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)

* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
* 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)