Talos Rules 2020-08-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-office, file-pdf, malware-other, os-other, os-windows, server-apache and server-other rule sets to provide coverage for emerging threats from these technologies. Note the default states in the change log below: the new MALWARE-OTHER download-attempt rules (1:54836 through 1:54865) ship DISABLED and must be enabled explicitly, while the two OS-OTHER TRUFFLEHUNTER rules for TALOS-2020-1141 (3:54866 and 3:54867, gid 3 shared-object rules) ship ENABLED.

Change logs

2020-08-25 12:36:05 UTC

Snort Subscriber Rules Update

Date: 2020-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54838 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (malware-other.rules)
 * 1:54839 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (malware-other.rules)
 * 1:54840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
 * 1:54841 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
 * 1:54842 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
 * 1:54843 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
 * 1:54844 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
 * 1:54845 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
 * 1:54846 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
 * 1:54847 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
 * 1:54848 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
 * 1:54849 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
 * 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
 * 1:54851 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
 * 1:54852 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
 * 1:54853 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
 * 1:54854 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
 * 1:54855 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
 * 1:54856 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
 * 1:54857 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
 * 1:54858 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
 * 1:54859 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
 * 1:54860 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
 * 1:54861 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
 * 1:54862 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
 * 1:54863 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
 * 1:54864 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
 * 1:54865 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
 * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)
 * 3:54867 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)

Modified Rules:


 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:41923 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:38938 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:46546 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
 * 1:46547 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54576 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:54577 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code execution attempt (file-office.rules)
 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
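The change-log format documented above (gid:sid <-> Default rule state <-> Message (rule group)) is easy to process mechanically. The following is an added example, not part of the Talos release note or of any Snort tooling: it parses entries in that format from a constructed sample made of lines copied from this change log, counts them by rule group and default state, lists the DISABLED malware-other SIDs in the one-gid:sid-per-line form that PulledPork's enablesid.conf reads (that tool and file name are an assumption about the reader's deployment), and checks whether two change logs carry the same rule set regardless of entry order. The names parse_changelog, summarize, disabled_sids, enablesid_conf and same_rule_set are this example's own.

```python
import re
from collections import Counter

# One change-log entry, in the format the page documents:
#   gid:sid <-> Default rule state <-> Message (rule group)
ENTRY_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+)\)\s*$"
)
SECTION_RE = re.compile(r"^\s*(?P<section>New|Modified) Rules:\s*$")

# Constructed sample: a handful of lines copied from the change log above,
# with the section headers that separate new from modified rules.
SAMPLE = """\
New Rules:

 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)

Modified Rules:

 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
"""

# Same entries in a different order, as the per-version change logs on this page are (constructed).
SAMPLE_REORDERED = """\
New Rules:
 * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)
 * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
Modified Rules:
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
"""


def parse_changelog(text):
    """Return one dict per rule entry; non-entry lines only update the current section."""
    section, entries = None, []
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m:
            d = m.groupdict()
            d["gid"], d["sid"], d["section"] = int(d["gid"]), int(d["sid"]), section
            entries.append(d)
    return entries


def summarize(entries):
    """Count entries per (rule group, default state): shows at a glance what ships off."""
    return Counter((e["group"], e["state"]) for e in entries)


def disabled_sids(entries, groups=("malware-other.rules",)):
    """(gid, sid) pairs in the given groups that ship DISABLED: candidates to turn on."""
    return sorted((e["gid"], e["sid"]) for e in entries
                  if e["state"] == "DISABLED" and e["group"] in groups)


def enablesid_conf(pairs):
    """Render pairs one gid:sid per line (assumed target: PulledPork's enablesid.conf)."""
    return "".join(f"{gid}:{sid}\n" for gid, sid in pairs)


def same_rule_set(a, b):
    """True when two change logs carry the same entries, ignoring their order."""
    def key(e):
        return (e["section"], e["gid"], e["sid"], e["state"], e["group"])
    return {key(e) for e in a} == {key(e) for e in b}


if __name__ == "__main__":
    entries = parse_changelog(SAMPLE)
    for (group, state), n in sorted(summarize(entries).items()):
        print(f"{group:24} {state:9} {n}")
    print(enablesid_conf(disabled_sids(entries)), end="")
    print("reordered log identical:", same_rule_set(entries, parse_changelog(SAMPLE_REORDERED)))
```

Running the block prints a per-group summary, the two Gafgyt SIDs ready to paste into an enablesid list, and True for the reordered copy. Enabling a DISABLED rule is a tuning decision, not a patch: these download-attempt signatures are off by default, so review the rule body and its reference and classtype metadata in malware-other.rules against expected traffic before turning them on fleet-wide.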

Change logs for Snort versions 2091600, 2091501, 2091500, 2091401, 2091300 and 2091101 (same timestamp, 2020-08-25 12:36:05 UTC)

The rule packs for these Snort versions list the same entries as the 2091601 change log above: new rules 1:54836 through 1:54865 (MALWARE-OTHER download attempts, all DISABLED by default) and 3:54866 and 3:54867 (OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt, ENABLED), plus the same ten modified rules in file-pdf, server-apache, os-windows, server-other and file-office. Only the order of the entries differs from version to version, so the lists are not repeated here. The 2091101 change log, the last on the page, is cut off after its New Rules list.

Modified Rules:


 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code execution attempt (file-office.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:46546 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
 * 1:38938 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:54577 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:41923 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:54576 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
 * 1:46547 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)

2020-08-25 12:36:05 UTC

Snort Subscriber Rules Update

Date: 2020-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54861 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (snort3-malware-other.rules)
 * 1:54844 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (snort3-malware-other.rules)
 * 1:54842 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (snort3-malware-other.rules)
 * 1:54846 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (snort3-malware-other.rules)
 * 1:54848 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (snort3-malware-other.rules)
 * 1:54859 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (snort3-malware-other.rules)
 * 1:54862 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (snort3-malware-other.rules)
 * 1:54860 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (snort3-malware-other.rules)
 * 1:54863 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (snort3-malware-other.rules)
 * 1:54853 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (snort3-malware-other.rules)
 * 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (snort3-malware-other.rules)
 * 1:54855 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (snort3-malware-other.rules)
 * 1:54856 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (snort3-malware-other.rules)
 * 1:54857 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (snort3-malware-other.rules)
 * 1:54858 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (snort3-malware-other.rules)
 * 1:54840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (snort3-malware-other.rules)
 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (snort3-malware-other.rules)
 * 1:54843 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (snort3-malware-other.rules)
 * 1:54851 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (snort3-malware-other.rules)
 * 1:54852 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (snort3-malware-other.rules)
 * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (snort3-malware-other.rules)
 * 1:54838 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (snort3-malware-other.rules)
 * 1:54865 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (snort3-malware-other.rules)
 * 1:54864 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (snort3-malware-other.rules)
 * 1:54839 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (snort3-malware-other.rules)
 * 1:54847 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (snort3-malware-other.rules)
 * 1:54854 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (snort3-malware-other.rules)
 * 1:54845 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (snort3-malware-other.rules)
 * 1:54841 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (snort3-malware-other.rules)
 * 1:54849 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:46546 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (snort3-os-windows.rules)
 * 1:38938 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (snort3-file-pdf.rules)
 * 1:46547 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (snort3-os-windows.rules)
 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (snort3-file-pdf.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code execution attempt (snort3-file-office.rules)
 * 1:54576 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
 * 1:54577 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
 * 1:41923 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)
 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)

2020-08-25 12:36:05 UTC

Snort Subscriber Rules Update

Date: 2020-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54863 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
 * 1:54855 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
 * 1:54840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
 * 1:54843 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
 * 1:54844 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
 * 1:54865 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
 * 1:54859 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
 * 1:54860 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
 * 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
 * 1:54847 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
 * 1:54854 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
 * 1:54864 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
 * 1:54857 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
 * 1:54848 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54838 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (malware-other.rules)
 * 1:54842 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
 * 1:54852 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
 * 1:54858 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
 * 1:54856 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
 * 1:54862 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
 * 1:54839 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (malware-other.rules)
 * 1:54845 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
 * 1:54861 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
 * 1:54846 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
 * 1:54853 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
 * 1:54849 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
 * 1:54851 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
 * 1:54841 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
 * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)
 * 3:54867 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)

Modified Rules:


 * 1:41923 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:46546 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code execution attempt (file-office.rules)
 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:38938 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:46547 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
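The gid:sid <-> Default rule state <-> Message (rule group) format stated above is regular enough to parse mechanically, which is the practical way to answer the questions an operator has about a release like this: which of the new rules ship ENABLED in the default policy and which are DISABLED and have to be turned on deliberately, how many rules landed in each rule file, and what differs between the Snort 2.9.x packs and the Snort 3 pack (for instance, the gid 3 shared-object rules 3:54866 and 3:54867 appear in the 2091101 and 2983 lists above but not in the 3000 list). The Python script below is an added example, not Talos tooling and not part of the original release notes; the SAMPLE text it parses is a short excerpt constructed from the lists above, and the function and variable names are the example's own.

```python
import re
from collections import defaultdict

# Line format used by the release notes: " * gid:sid <-> STATE <-> message (rule group)"
RULE_LINE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>ENABLED|DISABLED)"
    r"\s+<->\s+(?P<msg>.+?)\s+\((?P<group>[^)]+)\)\s*$"
)
# Header line that opens each per-version block of the notes
PACK_HEADER = re.compile(r"rule pack for Snort version (?P<ver>\d+)\.")
SECTION_HEADER = re.compile(r"^(?P<section>New|Modified) Rules:$")


def parse_changelog(text):
    """Parse release-note text into {version: {"New": {...}, "Modified": {...}}}.

    Each inner dict maps (gid, sid) to {"state", "msg", "group"}.
    """
    packs = {}
    version = section = None
    for line in text.splitlines():
        m = PACK_HEADER.search(line)
        if m:
            version = m.group("ver")
            packs[version] = {"New": {}, "Modified": {}}
            section = None
            continue
        m = SECTION_HEADER.match(line.strip())
        if m:
            section = m.group("section")
            continue
        m = RULE_LINE.match(line)
        if m and version is not None and section is not None:
            key = (int(m.group("gid")), int(m.group("sid")))
            packs[version][section][key] = {
                "state": m.group("state"),
                "msg": m.group("msg"),
                "group": m.group("group"),
            }
    return packs


def enabled_by_default(packs, version, section):
    """(gid, sid) pairs that ship ENABLED in the default policy; the rest need opting in."""
    return sorted(k for k, r in packs[version][section].items() if r["state"] == "ENABLED")


def only_in(packs, version_a, version_b, section):
    """(gid, sid) pairs listed for version_a but absent from version_b's list of that section.

    gid 3 entries are shared-object rules, which is the usual reason a pack diverges.
    """
    return sorted(set(packs[version_a][section]) - set(packs[version_b][section]))


def rules_by_group(packs, version, section):
    """Number of rules in a section per rule file."""
    counts = defaultdict(int)
    for r in packs[version][section].values():
        counts[r["group"]] += 1
    return dict(counts)


# Constructed excerpt of the 2020-08-25 lists above (two packs, a few rules each).
SAMPLE = """\
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:

 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules)
 * 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
 * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)
 * 3:54867 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules)

Modified Rules:

 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:

 * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (snort3-malware-other.rules)
 * 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (snort3-malware-other.rules)

Modified Rules:

 * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)
 * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (snort3-file-pdf.rules)
 * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (snort3-server-other.rules)
"""

if __name__ == "__main__":
    packs = parse_changelog(SAMPLE)
    for ver in packs:
        print(ver, "new by file:", rules_by_group(packs, ver, "New"))
        print(ver, "enabled new rules:", enabled_by_default(packs, ver, "New"))
    print("in 2091101 but not in 3000:", only_in(packs, "2091101", "3000", "New"))
```

Feed the script the full text of the release notes instead of SAMPLE to get the real counts; every DISABLED entry in the output is a rule that will generate no alerts until it is enabled in the local policy.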