Talos Rules 2020-12-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)

2020-12-17 13:32:20 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (snort3-malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (snort3-malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (snort3-malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (snort3-malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (snort3-malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (snort3-malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (snort3-malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (snort3-malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (snort3-malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (snort3-malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (snort3-malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (snort3-malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (snort3-malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (snort3-malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (snort3-malware-cnc.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (snort3-malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (snort3-malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (snort3-malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (snort3-malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (snort3-malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (snort3-malware-other.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (snort3-malware-cnc.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (snort3-malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (snort3-malware-other.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (snort3-malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (snort3-malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (snort3-malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (snort3-malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (snort3-malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (snort3-malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (snort3-malware-other.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (snort3-malware-other.rules)
 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (snort3-malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (snort3-malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (snort3-malware-other.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (snort3-malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (snort3-malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (snort3-malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (snort3-malware-cnc.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (snort3-malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (snort3-malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (snort3-malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (snort3-malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (snort3-malware-other.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (snort3-server-webapp.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (snort3-malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (snort3-malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (snort3-malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (snort3-malware-other.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (snort3-malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (snort3-malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (snort3-malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (snort3-malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (snort3-malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (snort3-server-webapp.rules)

2020-12-17 13:32:20 UTC

Snort Subscriber Rules Update

Date: 2020-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules)
 * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules)
 * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules)
 * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules)
 * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules)
 * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules)
 * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules)
 * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules)
 * 1:56699 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules)
 * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules)
 * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules)
 * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules)
 * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules)
 * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules)
 * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules)
 * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules)
 * 1:56681 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules)
 * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules)
 * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules)
 * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules)
 * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules)
 * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules)
 * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules)
 * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules)
 * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules)
 * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules)
 * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules)
 * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
 * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
 * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
 * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
 * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
 * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)

Modified Rules:


 * 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
 * 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
 * 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)