Talos has added and modified multiple rules in the file-identify, file-pdf, indicator-obfuscation, indicator-shellcode, malware-other and server-webapp rule sets to provide coverage for emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
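The listing format above (gid:sid, default rule state, message, rule group; the Snort 3 listings further down carry only gid:sid and message) is simple enough to parse, and parsing it is the practical way to track which of these rules ship DISABLED and therefore do nothing until enabled locally. The following parser is an added example, not code from the Snort.org page or from Talos or PulledPork. It tolerates several entries run together on one line, as this page renders them, and treats gid 3 as a shared-object (SO) rule, which is what that gid denotes in Snort. The sample text it parses is constructed from entries on this page, and the `enablesid_lines` output uses the gid:sid form that PulledPork's enablesid.conf accepts.

```python
"""Parser for the Talos rule-update listing format (added example).

Handles both listing variants on the page:
  Snort 2:  gid:sid <-> Default rule state <-> Message (rule group)
  Snort 3:  gid:sid <-> Message
and tolerates several entries run together on one line separated by " * ".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Split a run-together line just before each "gid:sid <->" entry marker.
ENTRY_SPLIT = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# One entry. State and "(group.rules)" are optional because Snort 3 listings carry neither.
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.+?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: Optional[str]   # "ENABLED"/"DISABLED", or None for Snort 3 listings
    msg: str
    group: Optional[str]   # e.g. "server-webapp.rules", or None for Snort 3 listings

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def category(self) -> str:
        # Talos messages start with the rule category, e.g. "SERVER-WEBAPP".
        return self.msg.split(" ", 1)[0]

    @property
    def is_shared_object(self) -> bool:
        # gid 3 is reserved for shared-object (SO) rules, shipped as compiled modules.
        return self.gid == 3


def parse_listing(text: str) -> list[RuleEntry]:
    """Parse every entry in `text`; prose lines (headings, format notes) are skipped."""
    entries: list[RuleEntry] = []
    for line in text.splitlines():
        for chunk in ENTRY_SPLIT.split(line):
            chunk = chunk.strip().lstrip("*").strip()
            m = ENTRY_RE.match(chunk) if chunk else None
            if m is None:
                continue
            entries.append(RuleEntry(gid=int(m["gid"]), sid=int(m["sid"]), state=m["state"],
                                     msg=m["msg"].strip(), group=m["group"]))
    return entries


def _by_ref(ref: str) -> tuple[int, int]:
    gid, sid = ref.split(":")
    return int(gid), int(sid)


def disabled_by_default(entries: list[RuleEntry]) -> list[str]:
    """gid:sid refs that ship DISABLED; these never fire unless enabled locally."""
    return sorted({e.ref for e in entries if e.state == "DISABLED"}, key=_by_ref)


def enablesid_lines(entries: list[RuleEntry], categories: set[str]) -> list[str]:
    """gid:sid lines for PulledPork's enablesid.conf covering every DISABLED rule
    whose category is in `categories`. Which categories to enable is a tuning choice."""
    return sorted({e.ref for e in entries if e.state == "DISABLED" and e.category in categories},
                  key=_by_ref)


def missing_from(base: list[RuleEntry], other: list[RuleEntry], by_message: bool = False) -> list[str]:
    """Refs in `base` with no counterpart in `other`. The default match is on gid:sid;
    by_message=True matches on the message text instead, which is what you want across
    Snort 2 and Snort 3 packs: the page lists the Cerbu download rule as 1:61859 for
    Snort 2 but 1:300578 for Snort 3."""
    key = (lambda e: e.msg) if by_message else (lambda e: (e.gid, e.sid))
    have = {key(e) for e in other}
    return sorted({e.ref for e in base if key(e) not in have}, key=_by_ref)


# Constructed sample: Snort 2 entries run together on one line, as on this page,
# plus a Snort 3 listing with a format note that the parser must skip.
SAMPLE_SNORT2 = (
    "* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules) "
    "* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules) "
    "* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules) "
    "* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)\n"
    "* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)\n"
)
SAMPLE_SNORT3 = (
    "The format of the file is:\n"
    "* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download "
    "* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt\n"
)

if __name__ == "__main__":
    s2, s3 = parse_listing(SAMPLE_SNORT2), parse_listing(SAMPLE_SNORT3)
    print("disabled by default:", disabled_by_default(s2))
    print("enablesid.conf for SERVER-WEBAPP:", enablesid_lines(s2, {"SERVER-WEBAPP"}))
    print("in Snort 2 sample but not Snort 3 sample (by gid:sid):", missing_from(s2, s3))
    print("same, matched by message:", missing_from(s2, s3, by_message=True))
```

Feed it the full listing for the Snort build you run rather than the sample, then review the DISABLED set by category: on this page every SERVER-WEBAPP, INDICATOR-SHELLCODE, INDICATOR-OBFUSCATION and FILE-IDENTIFY rule ships DISABLED in the Snort 2 packs, so none of the Zyxel, TP-Link MiniDLNA or Donut loader coverage is active until you enable it. Comparing packs by message rather than gid:sid avoids false differences from the Snort 3 renumbering (300578 to 300581) visible further down the page.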
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 3:61875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 3:61874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt (file-pdf.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61865 <-> ENABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61869 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61868 <-> DISABLED <-> FILE-IDENTIFY sqlite3 magic detected (file-identify.rules)
* 1:61872 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61871 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61870 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt (indicator-shellcode.rules)
* 1:61873 <-> DISABLED <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt (indicator-shellcode.rules)
* 1:61860 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61862 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61859 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Cerbu file download (malware-other.rules)
* 1:61863 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61864 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61865 <-> DISABLED <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt (server-webapp.rules)
* 1:61866 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61867 <-> DISABLED <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt (server-webapp.rules)
* 1:61861 <-> DISABLED <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt (indicator-obfuscation.rules)
* 1:61840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt (malware-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300578 <-> MALWARE-OTHER Win.Trojan.Cerbu file download
* 1:300579 <-> FILE-IDENTIFY sqlite3 magic detected
* 1:300580 <-> INDICATOR-SHELLCODE Windows Donut x64 loader download attempt
* 1:300581 <-> INDICATOR-SHELLCODE Windows Donut x86 loader download attempt
* 1:61861 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61862 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61863 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61864 <-> INDICATOR-OBFUSCATION .zip top-level domain unicode forward slash obfuscation attempt
* 1:61865 <-> SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
* 1:61866 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 1:61867 <-> SERVER-WEBAPP TP-Link MiniDLNA remote code execution attempt
* 3:61874 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 3:61875 <-> FILE-PDF TRUFFLEHUNTER TALOS-2023-1747 attack attempt
* 1:61840 <-> MALWARE-OTHER Win.Trojan.Horabot phishing attempt