Talos has added and modified multiple rules in the browser-ie, file-multimedia, malware-cnc, malware-other, protocol-scada, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (snort3-malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (snort3-malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (snort3-malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (snort3-malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (snort3-malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (snort3-malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (snort3-malware-cnc.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (snort3-malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (snort3-malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (snort3-malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (snort3-malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (snort3-malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (snort3-malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (snort3-malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (snort3-malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (snort3-server-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (snort3-malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (snort3-malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (snort3-malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (snort3-malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (snort3-malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (snort3-malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (snort3-malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (snort3-malware-other.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (snort3-pua-adware.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (snort3-malware-cnc.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (snort3-browser-ie.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (snort3-browser-ie.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (snort3-browser-ie.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (snort3-server-other.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (snort3-server-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (snort3-malware-cnc.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (snort3-pua-adware.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
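The "gid:sid <-> Default rule state <-> Message (rule group)" lines above are what a rule-management workflow actually consumes: which new rules arrive DISABLED in the default policy (here, every SaltStack and most of the malware download rules) and therefore need an explicit enablesid entry before they fire. The following Python parser is an added example, not code from Talos or the Snort project. It assumes only the line format stated on this page; the sample text is a handful of entries copied from the lists above, and the keyword filter and the gid:sid output format are choices made for this example, matching the gid:sid form that tools such as PulledPork accept in enablesid.conf.

```python
import re
from collections import Counter
from typing import NamedTuple

# One changelog entry, as described on the page:
#   gid:sid <-> Default rule state <-> Message (rule group)
# finditer() is used instead of line splitting so entries that have been run
# together on one line, separated by " * ", still parse.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


class Rule(NamedTuple):
    gid: int
    sid: int
    enabled: bool
    category: str   # first token of the message, e.g. SERVER-OTHER
    message: str
    group: str      # rule file, e.g. server-other.rules


def parse_rule_list(text: str) -> list:
    """Parse every entry in text into Rule records, de-duplicated on
    (gid, sid, group) so a rule repeated in the announcement counts once."""
    seen = {}
    for m in ENTRY_RE.finditer(text):
        msg = m.group("msg").strip()
        category = msg.split(" ", 1)[0]
        rule = Rule(int(m.group("gid")), int(m.group("sid")),
                    m.group("state") == "ENABLED", category, msg, m.group("group"))
        seen[(rule.gid, rule.sid, rule.group)] = rule
    return list(seen.values())


def state_counts(rules) -> Counter:
    """Count (category, state) pairs: a quick view of what is off by default."""
    return Counter((r.category, "ENABLED" if r.enabled else "DISABLED")
                   for r in rules)


def disabled_matching(rules, keyword: str) -> list:
    """gid:sid strings for DISABLED rules whose message mentions keyword,
    sorted numerically, in the form an enablesid.conf line takes."""
    hits = sorted((r.gid, r.sid) for r in rules
                  if not r.enabled and keyword.lower() in r.message.lower())
    return [f"{gid}:{sid}" for gid, sid in hits]


# Constructed sample: entries copied from the lists on this page, with the
# first line deliberately run together the way the extracted page shows them.
SAMPLE = """
* 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules) * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
"""

if __name__ == "__main__":
    rules = parse_rule_list(SAMPLE)
    for (category, state), n in sorted(state_counts(rules).items()):
        print(f"{category:16} {state:8} {n}")
    print("candidate enablesid entries:", disabled_matching(rules, "saltstack"))
```

Two caveats when using this against a real announcement: a DISABLED state here is the vendor's default-policy choice, not a statement that the rule is unreliable, so review the rule's own metadata before enabling it; and gid 3 entries are shared-object rules, which only load if the precompiled SO rules for your platform are installed alongside the text rules.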