Talos Rules 2021-04-13
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2021-28310: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 57403 through 57404.

Microsoft Vulnerability CVE-2021-28324: A coding deficiency exists in Microsoft SMB that may lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 57411.

Microsoft Vulnerability CVE-2021-28325: A coding deficiency exists in Microsoft SMB that may lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 57414.

Talos has also added and modified multiple rules in the malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
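As an added example (not Talos code), a small Python parser for the change-log format given above, `gid:sid <-> Default rule state <-> Message (rule group)`. It reads rule lines, checks that the SIDs the advisory cites for each CVE are actually present, and flags the ones that ship DISABLED by default, since those give no coverage until an operator enables them. The sample lines are copied from this release; the CVE-to-SID mapping is the advisory's own.

```python
import re

# Constructed sample: rule lines copied from this release's change log,
# in the format "gid:sid <-> Default rule state <-> Message (rule group)".
SAMPLE_CHANGELOG = """\
New Rules:

 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
"""

# One change-log rule line: leading " * ", gid:sid, state, message, "(group)".
RULE_LINE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[^)]+)\)\s*$"
)

# Coverage as stated in the advisory text: CVE -> (gid, list of sids).
ADVISORY_COVERAGE = {
    "CVE-2021-28310": (1, [57403, 57404]),
    "CVE-2021-28324": (1, [57411]),
    "CVE-2021-28325": (1, [57414]),
}


def parse_changelog(text):
    """Return one dict per rule line (gid, sid, state, msg, group); other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            d = m.groupdict()
            d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
            rules.append(d)
    return rules


def coverage_report(rules, coverage=ADVISORY_COVERAGE):
    """For each CVE, list SIDs absent from the change log and SIDs present but DISABLED by default."""
    by_id = {(r["gid"], r["sid"]): r for r in rules}
    report = {}
    for cve, (gid, sids) in coverage.items():
        missing = [s for s in sids if (gid, s) not in by_id]
        disabled = [s for s in sids
                    if (gid, s) in by_id and by_id[(gid, s)]["state"] == "DISABLED"]
        report[cve] = {"missing": missing, "disabled_by_default": disabled}
    return report


def rule_groups(rules):
    """Set of rule-group files touched by the parsed lines (e.g. os-windows.rules)."""
    return {r["group"] for r in rules}


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    for cve, info in coverage_report(parsed).items():
        print(cve, info)
    print(sorted(rule_groups(parsed)))
```

Run against a full change log, any CVE with entries under `disabled_by_default` needs those SIDs enabled in the local policy before the release provides the advertised detection.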

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (snort3-os-windows.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (snort3-os-windows.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (snort3-os-windows.rules)
 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (snort3-server-webapp.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (snort3-server-webapp.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (snort3-server-webapp.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (snort3-server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (snort3-os-windows.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (snort3-server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (snort3-server-webapp.rules)

Modified Rules:



2021-04-13 17:28:26 UTC

Snort Subscriber Rules Update

Date: 2021-04-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57408 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57412 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57409 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57406 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 1:57413 <-> DISABLED <-> SERVER-WEBAPP Nagios XI do_update_user SQL injection attempt (server-webapp.rules)
 * 1:57414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB driver memory leak attempt (os-windows.rules)
 * 1:57407 <-> DISABLED <-> SERVER-WEBAPP Palo Alto Networks management interface command injection attempt (server-webapp.rules)
 * 1:57405 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst SUNSHUTTLE variant outbound connection attempt (malware-cnc.rules)
 * 1:57411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB compression negotiation information leak attempt (os-windows.rules)
 * 1:57404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k elevation of privilege attempt (os-windows.rules)
 * 3:57410 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)