Talos Rules 2020-11-24
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-other and server-webapp rule sets to provide coverage for emerging threats.

Change logs

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)

Modified Rules:


 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)

2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (snort3-malware-other.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (snort3-server-webapp.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (snort3-malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (snort3-malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (snort3-malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (snort3-malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (snort3-malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (snort3-malware-other.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (snort3-malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (snort3-malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (snort3-malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (snort3-malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (snort3-malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (snort3-malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (snort3-malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (snort3-malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (snort3-malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (snort3-malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (snort3-malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (snort3-malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (snort3-malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (snort3-malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (snort3-malware-other.rules)
 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (snort3-malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (snort3-malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (snort3-malware-other.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (snort3-server-webapp.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (snort3-server-webapp.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (snort3-malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (snort3-malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (snort3-malware-other.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (snort3-malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (snort3-malware-other.rules)

Modified Rules:



2020-11-24 14:07:10 UTC

Snort Subscriber Rules Update

Date: 2020-11-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
 * 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
 * 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
 * 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
 * 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
 * 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
 * 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
 * 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
 * 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
 * 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
 * 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
 * 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
 * 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
 * 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
 * 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
 * 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
 * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
 * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
 * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
 * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
 * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
 * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
 * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
 * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
 * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
 * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
 * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
 * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
 * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
 * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)