Talos Rules 2023-02-09
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the indicator-compromise, malware-cnc, malware-other, malware-tools, os-linux, os-windows and server-other rule sets to provide coverage for emerging threats.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)

Modified Rules:

 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)

Modified Rules:

 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)

Modified Rules:

 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)

Modified Rules:

 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)

Modified Rules:

 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)

Modified Rules:

 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)

Modified Rules:


 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)

Modified Rules:


 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)

Modified Rules:


 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)

Modified Rules:


 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)

Modified Rules:


 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61291 <-> ENABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (snort3-server-other.rules)
 * 1:61303 <-> ENABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (snort3-os-windows.rules)
 * 1:61292 <-> ENABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (snort3-os-linux.rules)

Modified Rules:


 * 1:300135 <-> ENABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (snort3-protocol-rpc.rules)
 * 1:300137 <-> ENABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (snort3-protocol-rpc.rules)
 * 1:300136 <-> ENABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (snort3-os-windows.rules)
 * 1:300134 <-> ENABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (snort3-os-windows.rules)

2023-02-09 14:52:28 UTC

Snort Subscriber Rules Update

Date: 2023-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61292 <-> DISABLED <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt (os-linux.rules)
 * 1:61307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61290 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61289 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt (indicator-compromise.rules)
 * 1:61301 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61293 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61281 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61303 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt (os-windows.rules)
 * 1:61286 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61283 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61300 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61296 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61284 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt (indicator-compromise.rules)
 * 1:61287 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61273 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61276 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61277 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download (malware-other.rules)
 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61280 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61294 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61298 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61295 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt (malware-tools.rules)
 * 1:61279 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61297 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt (malware-tools.rules)
 * 1:61278 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61285 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61288 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt (indicator-compromise.rules)
 * 1:61302 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt (malware-tools.rules)
 * 1:61282 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
 * 1:61275 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59739 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)
 * 1:59740 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
 * 1:59741 <-> DISABLED <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt (protocol-rpc.rules)

2023-02-09 14:55:19 UTC

Snort Subscriber Rules Update

Date: 2023-02-08-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300398 <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download
* 1:300399 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300400 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300401 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300402 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300403 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt
* 1:300404 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300405 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt
* 1:300406 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt
* 1:300407 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300408 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300409 <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt
* 1:300410 <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt
* 1:300411 <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt
* 1:300412 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300413 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300414 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300415 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:61291 <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt
* 1:61292 <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt
* 1:61303 <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt

Modified Rules:

* 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
* 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
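The rule lists on this page are the only machine-readable record of what a release changed, and the two Snort generations print them differently: the Snort 2 list above carries a default state and a rule group on every line (`* 1:61291 <-> DISABLED <-> SERVER-OTHER ... (server-other.rules)`), while the Snort 3 lists carry only `gid:sid <-> Message`. The column that matters operationally is the state: most of the rules in the Snort 2 list ship DISABLED, so pulling the update gives no coverage for, say, the FortiOS SSLVPNd memory corruption attempt until 1:61291 is explicitly enabled. The parser below is an added example, not code from Talos or the Snort project; it reads both line shapes, tracks the New Rules / Modified Rules sections, and returns the gid:sid list of disabled new rules that an operator would feed to an enable-by-SID mechanism such as PulledPork's enablesid.conf. The sample input is a handful of lines copied from this page's listing; the `Rule` type and the function names are assumptions of the example.

```python
"""Parse Talos/Snort Subscriber rule-update changelogs into structured records.

Added example, not part of the Talos release notes. It handles both line shapes
used on this page:

  Snort 2:  * gid:sid <-> ENABLED|DISABLED <-> Message (rule-group.rules)
  Snort 3:  * gid:sid <-> Message               (no default state, no group)

and answers the question an operator has after a release: which of the newly
shipped rules are DISABLED by default and give no coverage until switched on.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SNORT2_LINE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)"
    r"\s*<->\s*(?P<msg>.+?)\s*\((?P<group>[\w.-]+)\)\s*$"
)
SNORT3_LINE = re.compile(r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<msg>.+?)\s*$")


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    msg: str
    section: str                   # "new" or "modified"
    state: Optional[str] = None    # ENABLED / DISABLED (Snort 2 lines only)
    group: Optional[str] = None    # e.g. "server-other.rules" (Snort 2 lines only)

    @property
    def category(self) -> str:
        # The message text starts with the rule category, e.g. "SERVER-OTHER FortiOS ..."
        return self.msg.split(" ", 1)[0]

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"


def parse_changelog(text: str) -> list[Rule]:
    """Walk the changelog, switching section on the 'New Rules:' / 'Modified Rules:' headings."""
    section = "new"
    rules: list[Rule] = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "New Rules:":
            section = "new"
            continue
        if stripped == "Modified Rules:":
            section = "modified"
            continue
        m = SNORT2_LINE.match(line)          # try the richer Snort 2 shape first
        if m:
            rules.append(Rule(int(m["gid"]), int(m["sid"]), m["msg"], section, m["state"], m["group"]))
            continue
        m = SNORT3_LINE.match(line)
        if m:
            rules.append(Rule(int(m["gid"]), int(m["sid"]), m["msg"], section))
    return rules


def disabled_new_rules(rules: list[Rule], keyword: Optional[str] = None) -> list[str]:
    """gid:sid of new rules that ship DISABLED, optionally filtered by a message substring.

    This is the list to hand to an enable-by-SID mechanism (for example a
    PulledPork enablesid.conf); without that step the rules are present in the
    ruleset but never fire.
    """
    return [
        r.ref for r in rules
        if r.section == "new" and r.state == "DISABLED"
        and (keyword is None or keyword.lower() in r.msg.lower())
    ]


def category_counts(rules: list[Rule]) -> Counter:
    """How many new rules each category (SERVER-OTHER, MALWARE-CNC, ...) received."""
    return Counter(r.category for r in rules if r.section == "new")


# Constructed sample: lines copied from this release's listing, mixing the
# Snort 2 and Snort 3 shapes so both parsers are exercised.
SAMPLE = """
New Rules:

 * 1:61291 <-> DISABLED <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt (server-other.rules)
 * 1:61299 <-> DISABLED <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt (malware-tools.rules)
 * 1:61308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt (malware-cnc.rules)
* 1:300398 <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download

Modified Rules:

 * 1:59738 <-> DISABLED <-> OS-WINDOWS Windows Network File System remote code execution attempt (os-windows.rules)
* 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
"""

if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(f"{len(parsed)} rules parsed; new-rule categories: {dict(category_counts(parsed))}")
    print("disabled by default, FortiOS:", disabled_new_rules(parsed, "FortiOS"))
```

Run directly, it prints the category breakdown and the FortiOS SID that still has to be enabled. Snort 3 lines come back with `state=None`, because those changelogs record no default state; for Snort 3 the state has to be read from the rule file itself, where disabled rules are shipped commented out.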


2023-02-09 14:55:19 UTC

Snort Subscriber Rules Update

Date: 2023-02-08-001

The rule packs for Snort versions 3.0.3.4, 3.1.0.0, 3.1.0.1, 3.1.1.0, 3.1.3.0, 3.1.4.0, 3.1.5.0, 3.1.7.0, 3.1.9.0, 3.1.11.0, 3.1.15.0, 3.1.18.0, 3.1.20.0 and 3.1.21.0 carry exactly the same list of new and modified rules as the 3.0.3.1 pack above (new: 1:300398 through 1:300415, 1:61291, 1:61292 and 1:61303; modified: 1:300134 through 1:300137).


2023-02-09 14:55:20 UTC

Snort Subscriber Rules Update

Date: 2023-02-08-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300398 <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download
* 1:300399 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300400 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300401 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300402 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300403 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt
* 1:300404 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300405 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt
* 1:300406 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt
* 1:300407 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300408 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300409 <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt
* 1:300410 <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt
* 1:300411 <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt
* 1:300412 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300413 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300414 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300415 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:61291 <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt
* 1:61292 <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt
* 1:61303 <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt

Modified Rules:

* 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
* 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt


2023-02-09 14:55:20 UTC

Snort Subscriber Rules Update

Date: 2023-02-08-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300398 <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download
* 1:300399 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300400 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300401 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300402 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300403 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt
* 1:300404 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300405 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt
* 1:300406 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt
* 1:300407 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300408 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300409 <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt
* 1:300410 <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt
* 1:300411 <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt
* 1:300412 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300413 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300414 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300415 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:61291 <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt
* 1:61292 <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt
* 1:61303 <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt

Modified Rules:

* 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
* 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt


2023-02-09 14:55:20 UTC

Snort Subscriber Rules Update

Date: 2023-02-08-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300398 <-> MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download
* 1:300399 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300400 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300401 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300402 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300403 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt
* 1:300404 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300405 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt
* 1:300406 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt
* 1:300407 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300408 <-> MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt
* 1:300409 <-> MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt
* 1:300410 <-> MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt
* 1:300411 <-> MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt
* 1:300412 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300413 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300414 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:300415 <-> MALWARE-CNC Win.Trojan.njRAT variant download attempt
* 1:61291 <-> SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt
* 1:61292 <-> OS-LINUX KSMBD unauthenticated remote heap overflow attempt
* 1:61303 <-> OS-WINDOWS Microsoft Windows PPTP denial-of-service attempt

Modified Rules:

* 1:300134 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300135 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt
* 1:300136 <-> OS-WINDOWS Windows Network File System remote code execution attempt
* 1:300137 <-> PROTOCOL-RPC Portmapper NLM GETADDR call attempt