Talos Rules 2020-05-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the indicator-compromise and malware-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-05-28 12:08:48 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

Modified Rules:


 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)

2020-05-28 12:08:48 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

Modified Rules:


 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)

2020-05-28 12:08:48 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

Modified Rules:


 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)

2020-05-28 12:08:48 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

Modified Rules:


 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)

2020-05-28 12:08:48 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

Modified Rules:


 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)

2020-05-28 12:08:49 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

Modified Rules:


 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)

2020-05-28 12:08:49 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (snort3-malware-cnc.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (snort3-indicator-compromise.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (snort3-malware-other.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (snort3-malware-cnc.rules)

2020-05-28 12:08:49 UTC

Snort Subscriber Rules Update

Date: 2020-05-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
 * 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
 * 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
 * 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
 * 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
 * 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
 * 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

Modified Rules:


 * 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)