Talos has added and modified multiple rules in the browser-webkit, exploit-kit, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (snort3-malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (snort3-malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (snort3-malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (snort3-malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (snort3-malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (snort3-malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (snort3-malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (snort3-malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (snort3-malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (snort3-server-webapp.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (snort3-malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (snort3-malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (snort3-malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (snort3-malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (snort3-malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (snort3-malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (snort3-malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (snort3-malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (snort3-malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (snort3-malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (snort3-malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (snort3-malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (snort3-malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (snort3-server-webapp.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (snort3-malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (snort3-malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (snort3-malware-cnc.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (snort3-malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (snort3-malware-other.rules)

* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (snort3-server-other.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (snort3-exploit-kit.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (snort3-malware-cnc.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (snort3-exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)