Talos Rules 2020-12-22
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the deleted, file-other, malware-cnc, malware-other, malware-tools, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
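The one-line-per-rule format stated above is easy to parse, and parsing it answers the question an operator actually has when a release lands: which new rules are default-DISABLED (and so add no coverage until a policy or enablesid entry turns them on), and which moved to deleted.rules. The Python below is an added example for this page, not code from Talos, Snort or PulledPork. The sample lines are copied from this changelog; the gid:sid output shape is assumed to match PulledPork's enablesid.conf and should be checked against your PulledPork version.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# One changelog entry: "gid:sid <-> Default rule state <-> Message (rule group)".
# Header lines ("New Rules:", dates, blank lines) do not match and are skipped.
LINE_RE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)"
    r"\s*<->\s*(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool      # default rule state shipped by Talos
    classtype: str     # leading token of the message, e.g. MALWARE-CNC, SERVER-WEBAPP
    msg: str
    group: str         # rule file, e.g. malware-cnc.rules

    @property
    def deleted(self) -> bool:
        # Retired rules are moved to deleted.rules and keep a "DELETED" prefix in the message.
        return self.group == "deleted.rules"


def parse_changelog(text: str) -> list[RuleEntry]:
    """Parse changelog text into RuleEntry records, ignoring non-rule lines."""
    entries: list[RuleEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        words = msg.split()
        # For deleted rules the classtype follows the DELETED marker.
        classtype = words[1] if words[0] == "DELETED" and len(words) > 1 else words[0]
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]),
                                 m["state"] == "ENABLED", classtype, msg, m["group"]))
    return entries


def state_counts(entries: Iterable[RuleEntry]) -> dict[str, int]:
    """Count entries by what the release does by default: enabled, disabled or deleted."""
    c: Counter[str] = Counter()
    for e in entries:
        c["deleted" if e.deleted else ("enabled" if e.enabled else "disabled")] += 1
    return dict(c)


def default_off(entries: Iterable[RuleEntry], classtypes: set[str] | None = None) -> list[RuleEntry]:
    """Live rules that ship DISABLED, optionally limited to some classtypes (e.g. SERVER-WEBAPP)."""
    return sorted(
        (e for e in entries
         if not e.enabled and not e.deleted
         and (classtypes is None or e.classtype in classtypes)),
        key=lambda e: (e.gid, e.sid),
    )


def enablesid_lines(entries: Iterable[RuleEntry]) -> list[str]:
    """gid:sid lines, one per rule, in the shape assumed for PulledPork's enablesid.conf."""
    return [f"{e.gid}:{e.sid}" for e in entries]


# Constructed sample: a header line plus six entries copied from this changelog.
SAMPLE = """New Rules:

 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
"""

if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(state_counts(parsed))
    for line in enablesid_lines(default_off(parsed, {"SERVER-WEBAPP"})):
        print(line)
```

Run against the full release text, the SERVER-WEBAPP filter lists the ARRIS VAP2500 and LifeRay rules as default-off; feed the resulting gid:sid lines to your rule manager only after confirming the exploit-facing services exist in your environment, since enabling them changes what the sensor alerts on.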

New Rules:


 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)

Modified Rules:


 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (snort3-server-webapp.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-deleted.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (snort3-malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (snort3-malware-other.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (snort3-malware-other.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (snort3-malware-other.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (snort3-server-webapp.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (snort3-malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (snort3-malware-other.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (snort3-malware-other.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (snort3-malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (snort3-malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (snort3-malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (snort3-malware-other.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (snort3-malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (snort3-malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (snort3-malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (snort3-malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (snort3-malware-other.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (snort3-malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (snort3-malware-other.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (snort3-malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (snort3-malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (snort3-malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (snort3-malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (snort3-malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (snort3-malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (snort3-malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (snort3-malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (snort3-malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (snort3-malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (snort3-malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (snort3-malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (snort3-malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (snort3-malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (snort3-malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (snort3-malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (snort3-malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (snort3-malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (snort3-malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (snort3-malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (snort3-malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (snort3-malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (snort3-malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (snort3-malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (snort3-malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (snort3-malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (snort3-malware-other.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (snort3-malware-other.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (snort3-server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (snort3-policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (snort3-server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)

2020-12-22 20:59:49 UTC

Snort Subscriber Rules Update

Date: 2020-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
 * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
 * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
 * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
 * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
 * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
 * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
 * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
 * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
 * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
 * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
 * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
 * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
 * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
 * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
 * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
 * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
 * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
 * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
 * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
 * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
 * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
 * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
 * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
 * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
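The changelog documents its own line format ("gid:sid <-> Default rule state <-> Message (rule group)") under each of the per-version packs above, and the practical questions a rule-pack consumer has are the same every release: which of the new rules are on by default, which DISABLED rules in categories the site cares about are worth enabling, and how the packs for different Snort builds differ (in this release, for example, the gid:3 shared-object rules 3:47721 and 3:47722 are listed for the 2.9.x packs but not for the 3000 pack, and 1:56797 ships already moved to deleted.rules). The following parser and triage helpers are an added example, not Talos or Snort project code. They assume the section headers "New Rules:" and "Modified Rules:" and the deleted-rule convention seen on this page (message prefixed with DELETED and a *deleted.rules group); the two sample packs are constructed from entries copied out of this changelog and are deliberately small.

```python
"""Parse a Talos/Snort rule-update changelog and triage the entries.

Added example, not Talos or Snort project code. Input format is the one the
changelog documents itself:

    gid:sid <-> Default rule state <-> Message (rule group)
"""
import re
from collections import Counter
from dataclasses import dataclass

# One changelog bullet. The leading " * " is optional so bare lines parse too.
LINE_RE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str       # default rule state as shipped: ENABLED or DISABLED
    category: str    # first token of the message, e.g. MALWARE-CNC
    message: str     # message with any leading "DELETED " stripped
    group: str       # rule file, e.g. malware-cnc.rules or snort3-deleted.rules
    deleted: bool    # assumption: "DELETED " prefix or a *deleted.rules group

    @property
    def key(self):
        return (self.gid, self.sid)


def parse_entry(line):
    """Return a RuleEntry for one changelog line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg, group = m.group("msg"), m.group("group")
    deleted = msg.startswith("DELETED ") or group.endswith("deleted.rules")
    body = msg[len("DELETED "):] if msg.startswith("DELETED ") else msg
    category = body.split(" ", 1)[0]
    return RuleEntry(int(m.group("gid")), int(m.group("sid")), m.group("state"),
                     category, body, group, deleted)


def parse_changelog(text):
    """Split one pack's changelog into its 'new' and 'modified' entries."""
    sections = {"new": [], "modified": []}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "New Rules:":
            current = "new"
            continue
        if stripped == "Modified Rules:":
            current = "modified"
            continue
        entry = parse_entry(line)
        if entry and current:
            sections[current].append(entry)
    return sections


def enabled_by_default(entries):
    """Rules that will fire without any local tuning (deleted ones excluded)."""
    return [e for e in entries if e.state == "ENABLED" and not e.deleted]


def summarize_by_category(entries):
    """Counter of (category, state) pairs, e.g. ('SERVER-WEBAPP', 'DISABLED')."""
    return Counter((e.category, e.state) for e in entries)


def disabled_candidates(entries, categories):
    """Disabled, non-deleted SIDs in categories a site usually wants enabled."""
    return sorted(e.key for e in entries
                  if e.state == "DISABLED" and not e.deleted and e.category in categories)


def diff_packs(pack_a, pack_b):
    """SIDs only in A, SIDs only in B, and SIDs whose state/deleted flag differs."""
    ka = {e.key: e for e in pack_a}
    kb = {e.key: e for e in pack_b}
    only_a = sorted(ka.keys() - kb.keys())
    only_b = sorted(kb.keys() - ka.keys())
    changed = sorted(k for k in ka.keys() & kb.keys()
                     if (ka[k].state, ka[k].deleted) != (kb[k].state, kb[k].deleted))
    return only_a, only_b, changed


# Constructed samples: a handful of lines copied from this changelog, one in
# the 2.9.x layout and one in the Snort 3 (snort3-*.rules) layout.
PACK_29X = """
New Rules:

 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)

Modified Rules:

 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
 * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
"""

PACK_3000 = """
New Rules:

 * 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
 * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (snort3-server-webapp.rules)
 * 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-deleted.rules)
 * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (snort3-malware-cnc.rules)
 * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)

Modified Rules:

 * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (snort3-server-apache.rules)
"""

if __name__ == "__main__":
    a, b = parse_changelog(PACK_29X), parse_changelog(PACK_3000)
    print("enabled by default:", [e.key for e in enabled_by_default(a["new"])])
    print("per category:", dict(summarize_by_category(a["new"])))
    print("consider enabling:", disabled_candidates(a["new"], {"SERVER-WEBAPP"}))
    print("pack diff:", diff_packs(a["new"] + a["modified"], b["new"] + b["modified"]))
```

Run against the full text of one pack at a time (the page above carries four packs back to back, so split on the "Snort Subscriber Rules Update" header first). The diff function is the useful part when moving sensors between Snort builds: a SID that only appears in one pack, or that is ENABLED in one and DISABLED in the other, is a coverage gap until it is reconciled locally.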