Microsoft Vulnerability CVE-2020-0664: A coding deficiency exists in Active Directory that may lead to information disclosure.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55139 through 55140.
Microsoft Vulnerability CVE-2020-0856: A coding deficiency exists in Active Directory that may lead to information disclosure.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 55206.
Microsoft Vulnerability CVE-2020-0941: A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55187 through 55188.
Microsoft Vulnerability CVE-2020-1115: A coding deficiency exists in the Microsoft Windows Common Log File System driver that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55141 through 55142.
Microsoft Vulnerability CVE-2020-1152: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55161 through 55162.
Microsoft Vulnerability CVE-2020-1245: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55143 through 55144.
Microsoft Vulnerability CVE-2020-1308: A coding deficiency exists in DirectX that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55145 through 55146.
Talos also has added and modified multiple rules in the browser-chrome, file-other, malware-cnc, malware-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download
attempt (malware-other.rules) * 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules) * 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules) * 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules) * 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules) * 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules) * 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules) * 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules) * 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules) * 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules) * 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules) * 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules) * 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules) * 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules) * 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules) * 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules) * 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules) * 
1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules) * 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules) * 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules) * 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules) * 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules) * 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules) * 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules) * 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules) * 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules) * 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules) * 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules) * 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules) * 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules) * 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules) * 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules) * 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules) * 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules) * 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt 
(malware-other.rules) * 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules) * 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules) * 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules) * 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules) * 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules) * 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules) * 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules) * 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules) * 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules) * 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)

* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt 
(malware-other.rules) * 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules) * 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules) * 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules) * 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules) * 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules) * 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules) * 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules) * 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules) * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules) * 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules) * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules) * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules) * 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules) * 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)

* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
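The "gid:sid <-> Default rule state <-> Message (rule group)" format above is simple enough to script against, and the state column is the part worth scripting: a rule announced as coverage only alerts if it is on. In the list above 1:55206 ships ENABLED, but 1:55139 and 1:55140 ship DISABLED, as do the CLFS, win32k and DirectX rules. The following is an added example, not part of this release note or of Snort, that parses entries in that format (including entries run together on one line with " * " separators, as they appear when copied out of the note), checks an announced SID range against the list for default state, and emits the DISABLED rules from chosen groups as gid:sid lines in the form PulledPork's enablesid.conf accepts. The six sample entries are copied from the list above; the SID range and group selection are illustrative choices.

```python
import re
from collections import Counter

# Constructed sample input: six entries copied from the rule list above, in the
# documented "gid:sid <-> Default rule state <-> Message (rule group)" format.
# The last four are deliberately run together on one line with " * " separators,
# which is how the list looks when copied out of the release note, so the
# splitter below is exercised on both layouts.
SAMPLE = (
    "* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest "
    "crafted dnsRecord information leak attempt (server-other.rules)\n"
    "* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory "
    "information disclosure attempt (server-other.rules)\n"
    "* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory "
    "information disclosure attempt (server-other.rules)"
    " * 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound "
    "communication attempt (malware-cnc.rules)"
    " * 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 "
    "download attempt (malware-other.rules)"
    " * 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 "
    "attack attempt (browser-chrome.rules)\n"
)

# One entry: optional leading "* ", gid:sid, default state, free-text message,
# then the rule group in parentheses at the end of the entry.
ENTRY_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[A-Za-z0-9_.-]+\.rules)\)\s*$"
)
# Boundary between two entries that were run together on one physical line:
# " * " immediately followed by the next entry's gid:sid.
SPLIT_RE = re.compile(r"\s\*\s(?=\d+:\d+\s*<->)")


def parse_release_list(text):
    """Return one dict per rule entry (gid, sid as int; state, msg, group as str).

    Header lines such as "The format of the file is:" do not match ENTRY_RE and
    are skipped rather than raising, so a whole release note can be fed in.
    """
    rules = []
    for line in text.splitlines():
        for chunk in SPLIT_RE.split(line):
            m = ENTRY_RE.match(chunk.strip())
            if m:
                entry = m.groupdict()
                entry["gid"] = int(entry["gid"])
                entry["sid"] = int(entry["sid"])
                rules.append(entry)
    return rules


def coverage_check(rules, gid, lo, hi):
    """Map every SID in [lo, hi] for gid to its default state, or "MISSING".

    An advisory's "SIDs X through Y" says coverage exists; this says whether
    it is on. A range that is all DISABLED alerts on nothing until the local
    policy enables it.
    """
    by_key = {(r["gid"], r["sid"]): r["state"] for r in rules}
    return {sid: by_key.get((gid, sid), "MISSING") for sid in range(lo, hi + 1)}


def disabled_to_enable(rules, groups):
    """gid:sid lines for the DISABLED rules in the given rule groups, one per
    line as PulledPork's enablesid.conf accepts them."""
    picked = sorted(
        (r["gid"], r["sid"]) for r in rules
        if r["state"] == "DISABLED" and r["group"] in groups
    )
    return [f"{gid}:{sid}" for gid, sid in picked]


def state_by_group(rules):
    """Count (group, state) pairs: how much of a release is silent by default."""
    return Counter((r["group"], r["state"]) for r in rules)


if __name__ == "__main__":
    parsed = parse_release_list(SAMPLE)
    for sid, state in coverage_check(parsed, 1, 55138, 55141).items():
        print(f"1:{sid}\t{state}")
    print("\n".join(disabled_to_enable(parsed, {"server-other.rules"})))
    for (group, state), n in sorted(state_by_group(parsed).items()):
        print(f"{group:24s} {state:8s} {n}")
```

A rule shipped DISABLED is usually off for a reason (performance cost, false-positive risk, or an attack surface most networks do not expose), so enable the coverage rules selectively, for instance the Active Directory rules only on sensors that see domain controller traffic, and watch alert volume after the change.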
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER 
Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules) * 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules) * 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules) * 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules) * 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules) * 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules) * 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules) * 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules) * 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules) * 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules) * 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules) * 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules) * 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules) * 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules) * 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules) * 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules) * 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules) * 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules) * 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory 
information disclosure attempt (server-other.rules) * 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules) * 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules) * 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules) * 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules) * 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules) * 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules) * 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules) * 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules) * 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules) * 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules) * 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules) * 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules) * 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules) * 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules) * 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules) * 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules) * 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation 
attempt (os-windows.rules) * 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules) * 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules) * 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules) * 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules) * 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules) * 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules) * 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules) * 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules) * 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules) * 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules) * 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules) * 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules) * 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules) * 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules) * 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules) * 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules) * 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download 
attempt (malware-other.rules) * 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules) * 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules) * 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules) * 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules) * 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules) * 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules) * 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules) * 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules) * 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules) * 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules) * 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules) * 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules) * 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules) * 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules) * 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules) * 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules) * 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules) * 1:55171 <-> DISABLED <-> MALWARE-OTHER 
Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules) * 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules) * 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules) * 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules) * 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules) * 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules) * 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules) * 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules) * 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules) * 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules) * 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (snort3-malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (snort3-malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (snort3-malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (snort3-malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (snort3-malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (snort3-malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (snort3-malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (snort3-malware-cnc.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (snort3-malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (snort3-malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (snort3-malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (snort3-malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (snort3-malware-other.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (snort3-os-windows.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (snort3-malware-other.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (snort3-malware-other.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (snort3-malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (snort3-malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (snort3-malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (snort3-malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (snort3-malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (snort3-malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (snort3-malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (snort3-malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (snort3-malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (snort3-malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (snort3-malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (snort3-malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (snort3-malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (snort3-malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (snort3-malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (snort3-malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (snort3-malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (snort3-malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (snort3-malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (snort3-malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (snort3-malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (snort3-malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (snort3-malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (snort3-malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (snort3-malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (snort3-malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (snort3-malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (snort3-malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (snort3-malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (snort3-malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (snort3-malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (snort3-malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (snort3-malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (snort3-malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (snort3-malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (snort3-malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (snort3-malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (snort3-malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (snort3-malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (snort3-malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (snort3-malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (snort3-malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (snort3-malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (snort3-malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (snort3-malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (snort3-malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (snort3-malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (snort3-malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (snort3-malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (snort3-malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (snort3-malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (snort3-malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (snort3-malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (snort3-malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (snort3-malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (snort3-malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (snort3-malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (snort3-malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (snort3-malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (snort3-malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (snort3-malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (snort3-malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (snort3-malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (snort3-malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (snort3-malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (snort3-malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (snort3-malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (snort3-malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (snort3-malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (snort3-malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (snort3-malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (snort3-malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (snort3-malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (snort3-malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (snort3-malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (snort3-malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (snort3-malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (snort3-malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (snort3-malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (snort3-malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (snort3-malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (snort3-malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (snort3-malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (snort3-malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (snort3-malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (snort3-malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (snort3-malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (snort3-malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (snort3-malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (snort3-malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (snort3-malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (snort3-malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (snort3-malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (snort3-malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (snort3-malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (snort3-malware-other.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (snort3-server-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (snort3-malware-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (snort3-file-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (snort3-malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (snort3-malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (snort3-malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (snort3-malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (snort3-malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (snort3-malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (snort3-malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (snort3-malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (snort3-malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (snort3-malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (snort3-malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (snort3-malware-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (snort3-file-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (snort3-malware-other.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (snort3-os-windows.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (snort3-malware-other.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (snort3-malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (snort3-malware-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (snort3-os-windows.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (snort3-malware-other.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (snort3-os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (snort3-os-windows.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (snort3-malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (snort3-malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (snort3-malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (snort3-malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (snort3-malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (snort3-malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (snort3-malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (snort3-malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (snort3-malware-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (snort3-server-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (snort3-malware-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (snort3-server-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (snort3-os-windows.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (snort3-server-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (snort3-malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (snort3-malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (snort3-malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (snort3-malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (snort3-server-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (snort3-malware-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (snort3-server-other.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (snort3-malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (snort3-malware-other.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (snort3-os-windows.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (snort3-os-windows.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (snort3-server-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (snort3-malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (snort3-malware-other.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (snort3-os-windows.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (snort3-os-windows.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (snort3-malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (snort3-malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (snort3-malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (snort3-malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (snort3-malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (snort3-malware-other.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (snort3-policy-other.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (snort3-server-webapp.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (snort3-os-windows.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (snort3-server-webapp.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)
* 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules)