Talos has added and modified multiple rules in the malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules)
* 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules)
* 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules)
* 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules)
* 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules) * 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64464 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules) * 1:64461 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64462 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent variant download attempt (malware-other.rules) * 1:64466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64468 <-> DISABLED <-> POLICY-SPAM Fake account validable email phishing attempt (policy-spam.rules) * 1:64465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt (malware-cnc.rules) * 1:64463 <-> DISABLED <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt (server-webapp.rules)
* 1:64378 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS out of bounds write attempt (server-webapp.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301124 <-> MALWARE-OTHER Win.Loader.Agent variant download attempt * 1:64463 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64464 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt * 1:64465 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64466 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64467 <-> MALWARE-CNC Win.Trojan.KoiStealer outbound connection attempt * 1:64468 <-> POLICY-SPAM Fake account validable email phishing attempt
* 1:24339 <-> SERVER-WEBAPP Multiple products XML external entity parsing information disclosure attempt * 1:60885 <-> SERVER-WEBAPP Nostromo httpd directory traversal attempt
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
