Talos has added and modified multiple rules in the indicator-compromise and malware-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)

* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (snort3-malware-cnc.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (snort3-indicator-compromise.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (snort3-malware-other.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (snort3-malware-cnc.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (snort3-malware-cnc.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (snort3-malware-other.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (snort3-malware-other.rules)

* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)

* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules)