Talos Rules 2020-11-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-webkit, file-image, file-office, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)

Modified Rules:


 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (snort3-malware-other.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (snort3-malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (snort3-malware-other.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (snort3-malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (snort3-malware-other.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (snort3-server-webapp.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (snort3-malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (snort3-malware-other.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (snort3-malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (snort3-malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (snort3-malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (snort3-malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (snort3-malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (snort3-malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (snort3-malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (snort3-malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (snort3-malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (snort3-malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (snort3-malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (snort3-malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (snort3-malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (snort3-malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (snort3-malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (snort3-malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (snort3-malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (snort3-malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (snort3-malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (snort3-malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (snort3-malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (snort3-malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (snort3-malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (snort3-malware-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (snort3-malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (snort3-malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (snort3-malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (snort3-malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (snort3-server-webapp.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (snort3-malware-other.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (snort3-malware-other.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (snort3-malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (snort3-malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (snort3-policy-other.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (snort3-policy-other.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (snort3-malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (snort3-policy-other.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (snort3-malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (snort3-malware-other.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (snort3-malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (snort3-malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (snort3-malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (snort3-malware-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (snort3-policy-other.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (snort3-malware-other.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (snort3-malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (snort3-malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (snort3-malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (snort3-malware-other.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (snort3-policy-other.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (snort3-malware-other.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (snort3-malware-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (snort3-policy-other.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (snort3-server-webapp.rules)
 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (snort3-malware-backdoor.rules)

2020-11-17 20:28:07 UTC

Snort Subscriber Rules Update

Date: 2020-11-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
 * 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
 * 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
 * 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
 * 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
 * 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
 * 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
 * 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
 * 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
 * 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
 * 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
 * 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
 * 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
 * 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
 * 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
 * 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
 * 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
 * 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
 * 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
 * 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
 * 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
 * 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
 * 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
 * 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
 * 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
 * 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
 * 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
 * 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
 * 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
 * 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
 * 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
 * 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
 * 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
 * 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
 * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
 * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
 * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)