Talos has added and modified multiple rules in the deleted, file-other, malware-cnc, malware-other, malware-tools, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt
(malware-other.rules) * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules) * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules) * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules) * 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules) * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules) * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules) * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules) * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules) * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules) * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules) * 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules) * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules) * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound 
connection attempt (malware-cnc.rules) * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules) * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules) * 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules) * 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules) * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules) * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
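The `gid:sid <-> Default rule state <-> Message (rule group)` format used in these lists is regular enough to parse and check mechanically, which is how a practitioner would answer the deployment questions the lists raise: which of the new rules alert as soon as the pack is loaded, which have been retired to deleted.rules, and whether two rule-pack lists that look different actually carry the same SIDs in a different order (as the 2091700 and 2091500 lists above do). The following is an added example, not code from the Talos page or from the Snort project. It parses entries whether they arrive one per line or run together on a single line; the sample input is copied from the lists above, while `HYPOTHETICAL_PRIOR` is a constructed variant, not a real rule pack, included only so that the diff has something to report. The consistency rule that a `DELETED` message must be filed in deleted.rules and be disabled is inferred from entry 1:56797 above.

```python
# Added example (not code from the Talos page or the Snort project): parse and audit
# changelog entries of the form "gid:sid <-> Default rule state <-> Message (rule group)".
import re
from dataclasses import dataclass

# A rule retired to deleted.rules keeps the literal "DELETED " prefix in its message
# (see 1:56797 in the lists above).
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)$"
)

@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: str
    message: str
    group: str

    @property
    def deleted(self) -> bool:
        return self.message.startswith("DELETED ")

    @property
    def category(self) -> str:  # "MALWARE-CNC Win.Downloader.Qbot ..." -> "MALWARE-CNC"
        msg = self.message[len("DELETED "):] if self.deleted else self.message
        return msg.split(" ", 1)[0]

def parse_changelog(text: str) -> list[Rule]:
    """Split on '* ' bullets; works whether entries are one per line or run together."""
    rules = []
    for chunk in re.split(r"(?:^|\s)\*\s+", text.strip()):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:  # a truncated or mangled entry is reported, not silently dropped
            raise ValueError(f"unparseable changelog entry: {chunk!r}")
        rules.append(Rule(int(m["gid"]), int(m["sid"]), m["state"], m["msg"], m["group"]))
    return rules

def enabled_by_default(rules: list[Rule]) -> list[tuple[int, int]]:
    """(gid, sid) of rules that alert as soon as the pack is loaded, with no local tuning."""
    return sorted((r.gid, r.sid) for r in rules if r.state == "ENABLED")

def audit(rules: list[Rule]) -> list[str]:
    """Consistency checks worth running before pushing a pack to sensors."""
    findings = []
    for r in rules:
        if r.deleted and r.group != "deleted.rules":
            findings.append(f"{r.gid}:{r.sid} marked DELETED but filed under {r.group}")
        if r.group == "deleted.rules" and r.state != "DISABLED":
            findings.append(f"{r.gid}:{r.sid} in deleted.rules but {r.state}")
    return findings

def diff_packs(old: list[Rule], new: list[Rule]) -> dict:
    """New SIDs, dropped SIDs and default-state flips between two changelog lists."""
    a = {(r.gid, r.sid): r for r in old}
    b = {(r.gid, r.sid): r for r in new}
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "state_changed": sorted(
            (k, a[k].state, b[k].state) for k in a.keys() & b.keys() if a[k].state != b[k].state
        ),
    }

# Excerpt copied from the 2091700 list on this page, in the run-together " * "
# form in which the page arrives.
PACK_2091700 = (
    "* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) "
    "* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules) "
    "* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules) "
    "* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules) "
    "* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)"
)

# The same SIDs in the order they appear in the 2091500 list, one entry per line.
PACK_2091500 = """\
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
"""

# Constructed for illustration only, NOT a real rule pack: 1:56769 flipped to ENABLED
# and 1:56797 dropped, so that diff_packs has something to report.
HYPOTHETICAL_PRIOR = "\n".join(
    line.replace("1:56769 <-> DISABLED", "1:56769 <-> ENABLED")
    for line in PACK_2091500.splitlines() if "1:56797" not in line
)

if __name__ == "__main__":
    a, b = parse_changelog(PACK_2091700), parse_changelog(PACK_2091500)
    print("enabled by default:", enabled_by_default(a), "| audit:", audit(a) or "clean")
    print("2091700 vs 2091500:", diff_packs(a, b))  # same SIDs, only the order differs
    print("hypothetical prior vs 2091500:", diff_packs(parse_changelog(HYPOTHETICAL_PRIOR), b))
```

Run against the full lists, `diff_packs` reports the 2091700 and 2091500 additions as identical sets, so the visible reordering carries no deployment impact; what does matter for a sensor is `enabled_by_default`, which on these packs comes down to the MALWARE-CNC Qbot and Supernova rules plus 1:47690 and the two gid-3 TRUFFLEHUNTER rules, while every MALWARE-OTHER download-attempt rule ships disabled and needs a local enable. `parse_changelog` raises on anything that does not match the format, so a cut-off entry such as the one that closes the 2091101 list below is reported rather than silently dropped.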
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)

* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (snort3-server-webapp.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-deleted.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (snort3-malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (snort3-malware-other.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (snort3-malware-other.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (snort3-malware-other.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (snort3-server-webapp.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (snort3-malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (snort3-malware-other.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (snort3-malware-other.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (snort3-malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (snort3-malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (snort3-malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (snort3-malware-other.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (snort3-malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (snort3-malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (snort3-malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (snort3-malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (snort3-malware-other.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (snort3-malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (snort3-malware-other.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (snort3-malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (snort3-malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (snort3-malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (snort3-malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (snort3-malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (snort3-malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (snort3-malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (snort3-malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (snort3-malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (snort3-malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (snort3-malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (snort3-malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (snort3-malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (snort3-malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (snort3-malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (snort3-malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (snort3-malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (snort3-malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (snort3-malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (snort3-malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (snort3-malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (snort3-malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (snort3-malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (snort3-malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (snort3-malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (snort3-malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (snort3-malware-other.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (snort3-malware-other.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (snort3-malware-other.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (snort3-malware-other.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (snort3-server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (snort3-policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (snort3-server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (snort3-malware-tools.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules)
* 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules)
* 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules)
* 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules)
* 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56800 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules)
* 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules)
* 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules)
* 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules)
* 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules)
* 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules)
* 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules)
* 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules)
* 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules)
* 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules)
* 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules)
* 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules)
* 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules)
* 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules)
* 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules)
* 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules)
* 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules)
* 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules)
* 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56779 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules)
* 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules)
* 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)
* 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules)

* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
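Each of the release lists above uses the same `gid:sid <-> Default rule state <-> Message (rule group)` entry format, and the practical questions an operator has are the same for every list: which SIDs ship DISABLED and therefore need a deliberate decision, which entries are deletions (the `DELETED` prefix with a `deleted.rules` group), and how the per-version lists differ from one another. The Python below is an added worked example, not code from the Talos release notes or from the Snort project. It parses entries in that format (also when several are run together on one line, as they were in the raw extract), separates deleted rules, tallies default states per rule category, emits `gid:sid` keys grouped by default state, and diffs two lists. The sample entries are copied from the lists on this page; the one-`gid:sid`-per-line output form is an assumption about what a rule manager such as PulledPork accepts in its enablesid/disablesid configuration, so check it against the tool you actually use.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One changelog entry, as printed on the page:
#   * gid:sid <-> Default rule state <-> Message (rule group)
# The message is matched lazily up to the first "(something.rules)", so entries
# that were run together on a single line are still split correctly.
ENTRY_RE = re.compile(
    r"\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleChange:
    gid: int
    sid: int
    enabled: bool
    deleted: bool      # message carried the DELETED prefix or lives in *deleted.rules
    category: str      # first token of the message, e.g. MALWARE-CNC
    msg: str           # message with any DELETED prefix removed
    group: str         # rule file, e.g. malware-cnc.rules or snort3-malware-cnc.rules

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"


def _sid_order(key: str) -> tuple[int, int]:
    gid, sid = key.split(":")
    return int(gid), int(sid)


def parse_changelog(text: str) -> list[RuleChange]:
    """Return every entry found in text, in document order."""
    out: list[RuleChange] = []
    for m in ENTRY_RE.finditer(text):
        msg = m["msg"].strip()
        deleted = msg.startswith("DELETED ") or m["group"].endswith("deleted.rules")
        if msg.startswith("DELETED "):
            msg = msg[len("DELETED "):]
        category = msg.split(" ", 1)[0]
        out.append(RuleChange(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                              deleted, category, msg, m["group"]))
    return out


def summarize(changes: list[RuleChange]) -> dict[tuple[str, str], int]:
    """Count entries per (category, default state); deletions are counted under 'DELETED'."""
    counts: Counter = Counter()
    for ch in changes:
        if ch.deleted:
            counts[("DELETED", "disabled")] += 1
        else:
            counts[(ch.category, "enabled" if ch.enabled else "disabled")] += 1
    return dict(counts)


def default_state_keys(changes: list[RuleChange]) -> tuple[list[str], list[str]]:
    """Split live (non-deleted) entries into sorted gid:sid lists: (enabled, disabled).
    The DISABLED list is the one that needs a policy decision before deployment."""
    live = [ch for ch in changes if not ch.deleted]
    enabled = sorted({ch.key for ch in live if ch.enabled}, key=_sid_order)
    disabled = sorted({ch.key for ch in live if not ch.enabled}, key=_sid_order)
    return enabled, disabled


def diff_releases(a: list[RuleChange], b: list[RuleChange]) -> tuple[list[str], list[str]]:
    """gid:sid keys present only in list a, and only in list b."""
    ka = {ch.key for ch in a}
    kb = {ch.key for ch in b}
    return sorted(ka - kb, key=_sid_order), sorted(kb - ka, key=_sid_order)


# Sample entries copied from the release lists on this page (first line deliberately
# keeps two entries run together, as the raw extract had them).
SAMPLE_2091101 = """
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules) * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (deleted.rules)
* 1:56801 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (server-webapp.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
"""

SAMPLE_3000 = """
* 1:56799 <-> DISABLED <-> SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-malware-cnc.rules)
* 1:56797 <-> DISABLED <-> DELETED MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (snort3-deleted.rules)
* 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (snort3-malware-other.rules)
"""

if __name__ == "__main__":
    snort2 = parse_changelog(SAMPLE_2091101)
    snort3 = parse_changelog(SAMPLE_3000)
    for (cat, state), n in sorted(summarize(snort2).items()):
        print(f"{cat:15s} {state:9s} {n}")
    enabled, disabled = default_state_keys(snort2)
    print("enabled by default:", enabled)
    print("disabled by default (review before enabling):", disabled)
    only2, only3 = diff_releases(snort2, snort3)
    print("only in 2.9.11.1 list:", only2, "| only in Snort 3 list:", only3)
```

The per-category tally is the quick check that a release has not silently turned on a noisy class of rules by default; the DISABLED list is what to walk through against your own coverage needs (the MALWARE-OTHER download-attempt signatures here ship off, the MALWARE-CNC Qbot ones ship on), and the release diff is how to notice that the Snort 3 pack carries the same SIDs under `snort3-` prefixed rule files.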