Talos Rules 2020-05-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2020-1035: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53918 through 53919.

Microsoft Vulnerability CVE-2020-1054: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53916 through 53917.

Microsoft Vulnerability CVE-2020-1058: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53924 through 53925.

Microsoft Vulnerability CVE-2020-1060: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53926 through 53927.

Microsoft Vulnerability CVE-2020-1062: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53928 through 53931.

Microsoft Vulnerability CVE-2020-1135: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53940 through 53941.

Microsoft Vulnerability CVE-2020-1143: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53932 through 53933.

Microsoft Vulnerability CVE-2020-1153: A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53950 through 53951.

Talos has added and modified multiple rules in the browser-chrome, browser-ie, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, malware-tools, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (snort3-malware-other.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (snort3-browser-chrome.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (snort3-indicator-obfuscation.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (snort3-os-windows.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (snort3-os-windows.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (snort3-browser-chrome.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (snort3-malware-other.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (snort3-os-windows.rules)
 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (snort3-malware-other.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (snort3-malware-other.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (snort3-os-windows.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (snort3-malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (snort3-malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (snort3-malware-other.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (snort3-malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (snort3-malware-other.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (snort3-malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (snort3-os-windows.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (snort3-malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (snort3-os-windows.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (snort3-malware-other.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (snort3-browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (snort3-malware-other.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (snort3-browser-ie.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (snort3-malware-other.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (snort3-malware-other.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (snort3-malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (snort3-malware-other.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (snort3-browser-ie.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (snort3-malware-other.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (snort3-malware-tools.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (snort3-browser-ie.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (snort3-os-windows.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (snort3-malware-tools.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (snort3-malware-other.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (snort3-malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (snort3-malware-other.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (snort3-malware-tools.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (snort3-malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (snort3-malware-other.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (snort3-malware-tools.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (snort3-malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (snort3-malware-other.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (snort3-malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (snort3-malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (snort3-malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (snort3-malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (snort3-malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (snort3-malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (snort3-malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (snort3-malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (snort3-malware-other.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (snort3-malware-other.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (snort3-malware-cnc.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (snort3-malware-other.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (snort3-malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (snort3-malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (snort3-malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (snort3-malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (snort3-malware-other.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (snort3-malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (snort3-malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (snort3-malware-other.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (snort3-server-webapp.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (snort3-malware-other.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (snort3-malware-other.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (snort3-indicator-obfuscation.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (snort3-malware-other.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (snort3-malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (snort3-file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (snort3-file-other.rules)

2020-05-12 17:20:37 UTC

Snort Subscriber Rules Update

Date: 2020-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules)
 * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules)
 * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules)
 * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules)
 * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules)
 * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules)
 * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules)
 * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules)
 * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules)
 * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules)
 * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules)
 * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules)
 * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules)
 * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules)
 * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules)
 * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules)
 * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
 * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules)
 * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules)
 * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules)
 * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules)
 * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules)
 * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules)
 * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules)
 * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules)
 * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules)
 * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules)
 * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules)
 * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules)
 * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules)
 * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules)
 * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules)
 * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
 * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
 * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
 * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
 * 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)