Talos Rules 2021-05-27
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-multimedia, file-pdf, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (snort3-pua-other.rules)
 * 1:300026 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-native.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (snort3-pua-other.rules)
 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (snort3-malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (snort3-pua-other.rules)
 * 1:300025 <-> ENABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (snort3-native.rules)
 * 1:300027 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-native.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (snort3-malware-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (snort3-pua-other.rules)
 * 1:300028 <-> ENABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-native.rules)

Modified Rules:



2021-05-27 12:50:19 UTC

Snort Subscriber Rules Update

Date: 2021-05-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57621 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules)
 * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
 * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules)
 * 1:57622 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt (malware-other.rules)
 * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
 * 3:57660 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57667 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57668 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57623 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57671 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57672 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57661 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57624 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57627 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57626 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57628 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57629 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57630 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57636 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57637 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57638 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57639 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57640 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57641 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57642 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57643 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57644 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57663 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57645 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57646 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57647 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57648 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57649 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57664 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57650 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57651 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57666 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57652 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57653 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57662 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57654 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57669 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57625 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt (file-multimedia.rules)
 * 3:57655 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57656 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57665 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57657 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57658 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57670 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)
 * 3:57659 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt (file-multimedia.rules)

Modified Rules:


 * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
 * 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
 * 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)

2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:03 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:04 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-27 13:08:04 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules:



2021-05-29 16:31:56 UTC

Snort Subscriber Rules Update

Date: 2021-05-26-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300026 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300027 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:300028 <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt
* 1:57621 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57622 <-> MALWARE-OTHER Win.Ransomware.REvil variant binary download attempt
* 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger
* 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast
* 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser
* 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot

Modified Rules: