Talos has added and modified multiple rules in the deleted, file-image, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 3:58220 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58221 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules) * 3:58223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (snort3-server-webapp.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (snort3-malware-other.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (snort3-malware-other.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (snort3-malware-other.rules) * 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (snort3-malware-other.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (snort3-malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (snort3-deleted.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (snort3-malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (snort3-malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (snort3-malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (snort3-malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (snort3-malware-other.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (snort3-malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (snort3-malware-cnc.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (snort3-server-webapp.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (snort3-malware-other.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (snort3-deleted.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (snort3-server-webapp.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (snort3-server-webapp.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58212 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58218 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58200 <-> DISABLED <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected (malware-other.rules) * 1:58216 <-> DISABLED <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt (malware-cnc.rules) * 1:58205 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58215 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58204 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58214 <-> DISABLED <-> MALWARE-OTHER Email credential phishing attempt (malware-other.rules) * 1:58202 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58219 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules) * 1:58208 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58207 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58211 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58210 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt (server-webapp.rules) * 1:58203 <-> DISABLED <-> MALWARE-OTHER Banking credential phishing attempt (malware-other.rules) * 1:58213 <-> DISABLED <-> MALWARE-OTHER Absa Bank credential phishing attempt (malware-other.rules) * 1:58209 <-> DISABLED <-> DELETED MALWARE-OTHER Email credential phishing attempt (deleted.rules) * 1:58206 <-> DISABLED <-> MALWARE-OTHER Standard Bank credential phishing attempt (malware-other.rules) * 1:58217 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58200 <-> MALWARE-OTHER Webshell.Backdoor.Agent variant upload detected * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus authentication bypass attempt * 1:58202 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58203 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58204 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58206 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58207 <-> MALWARE-OTHER Banking credential phishing attempt * 1:58208 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58210 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58211 <-> MALWARE-OTHER Standard Bank credential phishing attempt * 1:58212 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58213 <-> MALWARE-OTHER Absa Bank credential phishing attempt * 1:58214 <-> MALWARE-OTHER Email credential phishing attempt * 1:58215 <-> MALWARE-OTHER Email credential phishing attempt * 1:58216 <-> MALWARE-CNC Banking credential stealer credential exfiltration attempt * 1:58217 <-> SERVER-WEBAPP VMware vCenter Server remote code execution attempt * 1:58218 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 1:58219 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt * 3:58220 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58221 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58222 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt * 3:58223 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1375 attack attempt
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
