Talos Rules 2021-06-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the deleted, malware-cnc, malware-other and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

New Rules:


 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

New Rules:


 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

New Rules:


 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:


 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt (malware-tools.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (snort3-malware-other.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (snort3-malware-other.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (snort3-malware-other.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (snort3-server-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt (snort3-malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (snort3-malware-other.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (snort3-server-other.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (snort3-malware-other.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (snort3-malware-other.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (snort3-deleted.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (snort3-malware-tools.rules)

Modified Rules:



2021-06-03 13:23:11 UTC

Snort Subscriber Rules Update

Date: 2021-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57715 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57697 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57710 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57716 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57702 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57699 <-> ENABLED <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57717 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57719 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:15148 <-> DISABLED <-> DELETED mDYHhn0mqtj919h9y92PmnM3gj01Bxxw (deleted.rules)
 * 1:57691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)
 * 1:57700 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57714 <-> ENABLED <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt (malware-cnc.rules)
 * 1:57698 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57704 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57694 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57696 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57705 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57703 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57706 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57709 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57695 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57707 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57693 <-> ENABLED <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt (malware-tools.rules)
 * 1:57688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57718 <-> DISABLED <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt (server-other.rules)
 * 1:57708 <-> ENABLED <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57711 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57712 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57701 <-> ENABLED <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57713 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt (malware-tools.rules)
 * 1:57690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt (malware-other.rules)
 * 1:57687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt (malware-other.rules)
 * 1:57692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt (malware-other.rules)

Modified Rules:



2021-06-03 13:34:54 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot TODELETE ious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt


2021-06-03 13:34:55 UTC

Snort Subscriber Rules Update

Date: 2021-06-02-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:23039 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 3:23040 <-> PROTOCOL-DNS Multiple Vendors DNS name decompression denial of service attempt
* 1:300029 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300030 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 1:300031 <-> SERVER-WEBAPP HAProxy cookie denial of service attempt
* 3:57581 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57582 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57583 <-> SERVER-WEBAPP Cisco Prime Infrastructure EPNM command injection attempt
* 3:57584 <-> SERVER-WEBAPP Cisco Modeling Labs command injection attempt
* 3:57585 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57586 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57587 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57588 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57589 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57590 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57591 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57592 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57593 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57594 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57595 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57596 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57599 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57600 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57601 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57602 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57603 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57604 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1304 attack attempt
* 3:57607 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57608 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57609 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57610 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57611 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57612 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57613 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57614 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57615 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57616 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57617 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57618 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1299 attack attempt
* 3:57619 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57620 <-> INDICATOR-SHELLCODE TRUFFLEHUNTER TALOS-2021-1300 attack attempt
* 3:57623 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57624 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57625 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57626 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57627 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57628 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57629 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57630 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1298 attack attempt
* 3:57635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57636 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57637 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57638 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57639 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57640 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57641 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57642 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57643 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57644 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57645 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57646 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57647 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57648 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57649 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57650 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57651 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57652 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57653 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57654 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57655 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57656 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57657 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57658 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57659 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57660 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57661 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57662 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57663 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57664 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57665 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57666 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57667 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57668 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57669 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57670 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57671 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 3:57672 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1297 attack attempt
* 1:57687 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57688 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57689 <-> MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
* 1:57690 <-> MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt
* 1:57691 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57692 <-> MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt
* 1:57693 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57694 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57695 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57696 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57697 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57698 <-> MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt
* 1:57699 <-> MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt
* 1:57700 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57701 <-> MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt
* 1:57702 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57703 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57704 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57705 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57706 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57707 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57708 <-> MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt
* 1:57709 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57710 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57711 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57712 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57713 <-> MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt
* 1:57714 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57715 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57716 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57717 <-> MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt
* 1:57718 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt
* 1:57719 <-> SERVER-OTHER Microsoft Systems Management Server out of bounds write attempt

Modified Rules:

* 3:46897 <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt
* 3:57479 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt
* 3:57480 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt