Talos Rules 2020-07-14
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2020-1147: A coding deficiency exists in .NET Framework, SharePoint Server, and Visual Studio that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 54511.

Microsoft Vulnerability CVE-2020-1350: A coding deficiency exists in Microsoft Windows DNS server that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 54518.

Microsoft Vulnerability CVE-2020-1374: A coding deficiency exists in Remote Desktop Client that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 54523.

Microsoft Vulnerability CVE-2020-1381: A coding deficiency exists in Microsoft Windows Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54521 through 54522.

Microsoft Vulnerability CVE-2020-1382: A coding deficiency exists in Microsoft Windows Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54512 through 54515.

Microsoft Vulnerability CVE-2020-1399: A coding deficiency exists in Microsoft Windows Runtime that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54534 through 54535.

Microsoft Vulnerability CVE-2020-1403: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54509 through 54510.

Microsoft Vulnerability CVE-2020-1410: A coding deficiency exists in Microsoft Windows Address Book that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54528 through 54533.

Microsoft Vulnerability CVE-2020-1426: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54516 through 54517.

Talos has also added and modified multiple rules in the browser-chrome, browser-ie, file-executable, file-other, malware-cnc, malware-other, os-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)

Modified Rules:

 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)

Modified Rules:

 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)

Modified Rules:

 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)

Modified Rules:

 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)

Modified Rules:

 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)

Modified Rules:


 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)

2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)
 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (snort3-os-windows.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (snort3-browser-chrome.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (snort3-file-other.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (snort3-malware-cnc.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (snort3-malware-other.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (snort3-file-executable.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (snort3-server-other.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (snort3-os-windows.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (snort3-malware-other.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (snort3-os-windows.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (snort3-malware-other.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (snort3-malware-cnc.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (snort3-malware-cnc.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (snort3-file-executable.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (snort3-malware-other.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (snort3-file-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (snort3-os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (snort3-os-windows.rules)
 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (snort3-os-windows.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (snort3-malware-other.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (snort3-server-webapp.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (snort3-browser-chrome.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (snort3-os-windows.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (snort3-malware-other.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (snort3-file-executable.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (snort3-file-executable.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (snort3-file-other.rules)

Modified Rules:



2020-07-14 17:45:37 UTC

Snort Subscriber Rules Update

Date: 2020-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
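The entry format above is the same for the Snort 3000 and Snort 2983 lists and is simple enough to parse mechanically. That matters in practice because a large share of the rules in this release ship DISABLED by default (for example 1:54523 for the RDP client and 1:54521 through 1:54522 for the graphics component), so coverage for a given SID depends on the analyst turning the rule on, and because the two packs do not carry identical entries (the GID 3 TRUFFLEHUNTER rules are listed only in the 2983 pack). The following is an added example, not code from Talos or the Snort project. It parses entries in the stated format, reports the default state of a set of SIDs, and lists entries present in one pack but not the other. The sample lines are copied from the lists on this page; the SID 99999 used to exercise the MISSING case is constructed and does not correspond to any rule here.

```python
"""Parse 'gid:sid <-> Default rule state <-> Message (rule group)' entries
from a Snort Subscriber Rules Update notice.

Added example, not Talos or Snort code. Sample lines below are copied from
the rule lists on this page; SID 99999 is constructed to show the MISSING case.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# One list entry, e.g.
#  * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server ... (server-other.rules)
# category is the leading upper-case token of the message (SERVER-OTHER, OS-WINDOWS, ...),
# group is the .rules file named in the trailing parentheses.
ENTRY_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z0-9-]+)\s+(?P<msg>.+?)\s*\((?P<group>[^()]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    category: str
    msg: str
    group: str

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"


def parse_entries(text: str) -> list[RuleEntry]:
    """Return every well-formed entry; headers, dates and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # 'New Rules:', 'Date: ...', etc.
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                                 m["category"], m["msg"], m["group"]))
    return entries


def disabled_by_default(entries: Iterable[RuleEntry]) -> list[str]:
    """gid:sid keys of rules an operator must enable to get coverage, sorted numerically."""
    return [e.key for e in sorted(entries, key=lambda e: (e.gid, e.sid)) if not e.enabled]


def coverage(entries: Iterable[RuleEntry], sids: Iterable[int], gid: int = 1) -> dict[int, str]:
    """For each SID of interest report 'ENABLED', 'DISABLED' or 'MISSING' in this pack."""
    by_sid = {e.sid: e for e in entries if e.gid == gid}
    return {s: ("ENABLED" if by_sid[s].enabled else "DISABLED") if s in by_sid else "MISSING"
            for s in sids}


def only_in(pack_a: Iterable[RuleEntry], pack_b: Iterable[RuleEntry]) -> list[str]:
    """gid:sid keys present in pack_a but absent from pack_b (rule group names may differ)."""
    keys_b = {e.key for e in pack_b}
    return [e.key for e in sorted(pack_a, key=lambda e: (e.gid, e.sid)) if e.key not in keys_b]


# Sample lines copied from the Snort 2983 list above (GID 3 entries included).
SNORT_2983_SAMPLE = """Date: 2020-07-14

New Rules:

 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
"""

# Sample lines copied from the Snort 3000 list above (snort3-*.rules groups, no GID 3 entries).
SNORT_3_SAMPLE = """New Rules:

 * 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (snort3-os-windows.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (snort3-server-webapp.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (snort3-os-windows.rules)
"""

if __name__ == "__main__":
    old, new = parse_entries(SNORT_2983_SAMPLE), parse_entries(SNORT_3_SAMPLE)
    print("disabled by default (2983):", disabled_by_default(old))
    # 99999 is a constructed SID that is in neither pack.
    print("coverage (2983):", coverage(old, [54518, 54523, 99999]))
    print("in 2983 but not in 3000:", only_in(old, new))
```

Feed the full text of a notice to parse_entries and pass the SIDs from the advisory section to coverage to get an ENABLED/DISABLED/MISSING answer per SID; only_in run in both directions shows what a Snort 2 to Snort 3 migration gains or loses from a given release.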

New Rules:


 * 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
 * 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
 * 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
 * 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
 * 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
 * 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
 * 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
 * 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
 * 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
 * 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
 * 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
 * 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
 * 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
 * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules)
 * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)
 * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules)
 * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules)

Modified Rules:


 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)