Talos Rules 2023-05-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61836 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (snort3-os-windows.rules)

Modified Rules:



2023-05-31 01:57:04 UTC

Snort Subscriber Rules Update

Date: 2023-05-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61842 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61856 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61858 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61848 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61855 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61851 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61844 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61835 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt (server-webapp.rules)
 * 1:61831 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61845 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61804 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61806 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61847 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61850 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61843 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt (malware-other.rules)
 * 1:61833 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61837 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)
 * 1:61839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt (malware-cnc.rules)
 * 1:61841 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61849 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61857 <-> DISABLED <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt (malware-other.rules)
 * 1:61853 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61846 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61854 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
 * 1:61805 <-> DISABLED <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt (browser-chrome.rules)
 * 1:61808 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61812 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61807 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61810 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61809 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61816 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61811 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61813 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61814 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61820 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61815 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61818 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61817 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61824 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61819 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61822 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61821 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61823 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61828 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61825 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61827 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61826 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61829 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61832 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt (server-webapp.rules)
 * 1:61852 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt (malware-cnc.rules)
 * 1:61830 <-> DISABLED <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download (malware-other.rules)
 * 1:61836 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt (os-windows.rules)
 * 1:61834 <-> DISABLED <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt (server-webapp.rules)
 * 1:61838 <-> DISABLED <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt (server-webapp.rules)

Modified Rules:



2023-05-31 01:59:53 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:53 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:53 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:53 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:53 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remove code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remote code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remote code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules:



2023-05-31 01:59:54 UTC

Snort Subscriber Rules Update

Date: 2023-05-31-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300555 <-> BROWSER-CHROME Google Chrome PerformLayout use after free attempt
* 1:300556 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300557 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300558 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300559 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300560 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300561 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300562 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300563 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300564 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300565 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300566 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300567 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300568 <-> MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download
* 1:300569 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300570 <-> MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt
* 1:300571 <-> MALWARE-CNC Win.Trojan.Horabot malicious file download attempt
* 1:300572 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300573 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300574 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300575 <-> MALWARE-CNC Win.Downloader.Horabot malicious file download attempt
* 1:300576 <-> MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt
* 1:300577 <-> MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt
* 1:61832 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt
* 1:61833 <-> SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt
* 1:61834 <-> SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt
* 1:61835 <-> SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt
* 1:61836 <-> OS-WINDOWS Microsoft Windows DHCP service remote code execution attempt
* 1:61837 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61838 <-> SERVER-WEBAPP Ruckus Wireless Admin command injection attempt
* 1:61839 <-> MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt

Modified Rules: