Talos has added and modified multiple rules in the browser-other, indicator-compromise, malware-backdoor, malware-cnc, malware-other, malware-tools, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)

* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)

* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)

* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)

* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)

* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (snort3-malware-other.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (snort3-malware-cnc.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (snort3-malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (snort3-malware-cnc.rules)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (snort3-malware-cnc.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (snort3-malware-tools.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (snort3-malware-other.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (snort3-malware-other.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (snort3-malware-backdoor.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (snort3-malware-cnc.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (snort3-malware-cnc.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (snort3-malware-cnc.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (snort3-malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (snort3-malware-tools.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (snort3-malware-cnc.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (snort3-malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (snort3-malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (snort3-os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (snort3-browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (snort3-malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (snort3-malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (snort3-malware-cnc.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (snort3-malware-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (snort3-policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (snort3-server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (snort3-malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (snort3-malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (snort3-malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (snort3-malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (snort3-malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (snort3-malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (snort3-malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (snort3-malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (snort3-malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (snort3-malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (snort3-malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (snort3-malware-cnc.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (snort3-server-webapp.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (snort3-server-webapp.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (snort3-indicator-compromise.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (snort3-malware-other.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (snort3-server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules)
* 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules)
* 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules)
* 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules)
* 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)