Talos Rules 2020-12-14
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-webkit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:



2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:



2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:



2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:



2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:



2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:

2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:

2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules:

2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (snort3-malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (snort3-malware-cnc.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (snort3-malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (snort3-malware-cnc.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (snort3-malware-other.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (snort3-server-webapp.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (snort3-malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (snort3-malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (snort3-malware-other.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (snort3-malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (snort3-malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (snort3-malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (snort3-malware-other.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (snort3-malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (snort3-malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (snort3-malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (snort3-malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (snort3-malware-other.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (snort3-malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (snort3-malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (snort3-malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (snort3-malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (snort3-malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (snort3-malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (snort3-malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (snort3-malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (snort3-malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (snort3-malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (snort3-malware-other.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (snort3-malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (snort3-malware-other.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (snort3-malware-other.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (snort3-malware-other.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (snort3-malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (snort3-malware-other.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (snort3-malware-cnc.rules)

Modified Rules:

2020-12-14 22:12:25 UTC

Snort Subscriber Rules Update

Date: 2020-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56663 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules)
 * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules)
 * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules)
 * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
 * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules)
 * 1:56625 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules)
 * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules)
 * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules)
 * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules)
 * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules)
 * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules)
 * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules)
 * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules)
 * 1:56643 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules)
 * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules)
 * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules)
 * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules)
 * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules)
 * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
 * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)

Modified Rules: