Talos has added and modified multiple rules in the file-executable, file-other, indicator-compromise, malware-cnc, malware-other, server-other and server-webapp rule sets to provide coverage for the emerging threats listed below.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
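To work with a changelog in this format programmatically, here is an added Python example (not Talos or Snort project code) that parses the entries above, including lines where several entries were run together, and lists the rules that ship DISABLED so you can decide which to opt into. The sample text is a constructed excerpt of the 2092000 list. Two things are assumptions rather than facts from the page: that the seven-digit pack version encodes major.minor.patch.subpatch as 1+2+2+2 digits, and that `enablesid.conf` takes one `gid:sid` per line in PulledPork style.

```python
"""Parse a Talos rule-update changelog in the format shown above.

Added example, not Talos or Snort project code.  SAMPLE is a constructed
excerpt of the 2092000 list (one line deliberately carries two entries, as
the flattened page text does).  Assumed: 7-digit pack version = M MM PP SS;
enablesid.conf takes one "gid:sid" per line (PulledPork style).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules) * 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
"""

# One entry: gid:sid <-> [ENABLED|DISABLED <->] CATEGORY message [(group.rules)]
# State and group are optional because Snort 3 changelogs omit them.
ENTRY = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<category>[A-Z][A-Z0-9-]*)\s+(?P<message>.*?)"
    r"(?:\s*\((?P<group>[\w-]+\.rules)\))?\s*"
)
# Split a line before every "* gid:sid <->" marker so run-together entries still parse.
SPLIT = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")
VERSION = re.compile(r"Snort version\s+([\d.]*\d)")


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: Optional[str]      # None when the changelog carries no default state
    category: str
    message: str
    group: Optional[str]      # rules file such as server-webapp.rules, or None

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def is_so(self) -> bool:
        # gid 3 = shared-object rule; it needs the SO build matching your Snort binary.
        return self.gid == 3


@dataclass
class Changelog:
    version: str
    new: list[Rule] = field(default_factory=list)
    modified: list[Rule] = field(default_factory=list)


def parse_entries(line: str) -> list[Rule]:
    """Return every rule entry on a line (zero for header and prose lines)."""
    rules = []
    for chunk in SPLIT.split(line):
        m = ENTRY.fullmatch(chunk.strip())
        if m:
            rules.append(Rule(int(m["gid"]), int(m["sid"]), m["state"],
                              m["category"], m["message"].strip(), m["group"]))
    return rules


def parse_changelog(text: str) -> Changelog:
    log = Changelog(version="unknown")
    section = log.new                 # entries before any header count as new
    for line in text.splitlines():
        stripped = line.strip()
        if m := VERSION.search(stripped):
            log.version = m.group(1)
        elif stripped == "New Rules:":
            section = log.new
        elif stripped == "Modified Rules:":
            section = log.modified
        else:
            section.extend(parse_entries(line))
    return log


def decode_snort29_version(v: str) -> str:
    """Assumed mapping: 7 digits M MM PP SS -> M.MM.PP.SS, e.g. 2091801 -> 2.9.18.1."""
    if not re.fullmatch(r"\d{7}", v):
        return v                      # Snort 3 packs are already dotted (3.0.x.y)
    return ".".join(str(int(p)) for p in (v[0], v[1:3], v[3:5], v[5:7]))


def disabled_by_default(log: Changelog) -> list[Rule]:
    """Rules that ship DISABLED: coverage you only get if you opt in."""
    return [r for r in log.new + log.modified if r.state == "DISABLED"]


def enablesid_lines(rules: list[Rule], categories: set[str] = frozenset()) -> list[str]:
    """Sorted gid:sid lines for an enablesid.conf, optionally limited to categories."""
    wanted = [r for r in rules if not categories or r.category in categories]
    return [r.ref for r in sorted(wanted, key=lambda r: (r.gid, r.sid))]


if __name__ == "__main__":
    log = parse_changelog(SAMPLE)
    print(f"pack {log.version} (Snort {decode_snort29_version(log.version)}): "
          f"{len(log.new)} new, {len(log.modified)} modified")
    for r in disabled_by_default(log):
        print(f"  off by default: {r.ref:<8} {r.category} {r.message}")
    print("enablesid.conf (web-app rules):",
          enablesid_lines(disabled_by_default(log), {"SERVER-WEBAPP"}))
```

Feed it the full text of one version section to get the complete opt-in list; the category filter is there because a rule such as the Zyxel CPE or PRTG signatures only earns its false-positive budget if you actually expose that product. Keep the gid 3 entries in mind separately: they are shared-object rules and only load with the SO package built for your exact Snort version.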
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:64595 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64596 <-> DISABLED <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt (indicator-compromise.rules)
* 1:64597 <-> DISABLED <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt (server-webapp.rules)
* 1:64598 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64599 <-> DISABLED <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt (server-webapp.rules)
* 1:64600 <-> ENABLED <-> SERVER-WEBAPP SimpleHelp directory traversal attempt (server-webapp.rules)
* 1:64601 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64602 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64603 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64604 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64605 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64606 <-> ENABLED <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt (malware-other.rules)
* 1:64607 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64608 <-> ENABLED <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt (malware-other.rules)
* 1:64609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt (malware-cnc.rules)
* 1:64610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 1:64611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt (malware-cnc.rules)
* 3:64612 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
* 3:64613 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt (file-executable.rules)
Modified Rules:
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
* 1:64552 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
* 1:64553 <-> DISABLED <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
New Rules:
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
Modified Rules:
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301149 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301150 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301151 <-> MALWARE-OTHER Win.Loader.TetraLoader variant download attempt
* 1:301152 <-> MALWARE-OTHER Win.Shellcode.CobaltStrike variant download attempt
* 1:64595 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64596 <-> INDICATOR-COMPROMISE XMRig cryptocurrency miner download attempt
* 1:64597 <-> SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt
* 1:64598 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64599 <-> SERVER-WEBAPP Zyxel DSL CPE OS command injection attempt
* 1:64600 <-> SERVER-WEBAPP SimpleHelp directory traversal attempt
* 1:64609 <-> MALWARE-CNC Win.Trojan.VShell variant outbound connection attempt
* 1:64610 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 1:64611 <-> MALWARE-CNC Win.Trojan.SlowStepper variant outbound communication attempt
* 3:64612 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 3:64613 <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2025-2151 attack attempt
* 1:301142 <-> FILE-OTHER ERDAS ERS Viewer ERM_convert_to_correct_webpath buffer overflow attempt
* 1:52235 <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt
* 1:52287 <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt