Talos Rules 2020-04-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the and malware-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (snort3-malware-other.rules)
 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (snort3-malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (snort3-malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (snort3-malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (snort3-malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (snort3-malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (snort3-malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (snort3-malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (snort3-malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (snort3-malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (snort3-malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (snort3-malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (snort3-malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (snort3-malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (snort3-malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (snort3-malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (snort3-malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (snort3-malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (snort3-malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (snort3-malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (snort3-malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (snort3-malware-other.rules)

Modified Rules:



2020-04-28 12:10:06 UTC

Snort Subscriber Rules Update

Date: 2020-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53771 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules)
 * 1:53789 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules)
 * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules)
 * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules)
 * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules)
 * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules)
 * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules)
 * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules)
 * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules)
 * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)
 * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules)
 * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules)

Modified Rules: