Talos has added and modified multiple rules in the blacklist, malware-cnc, protocol-voip, pua-adware, server-other, server-samba and server-webapp rule sets to provide coverage for emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
* 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
* 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
* 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
* 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
* 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
* 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified rules:

* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
* 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
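The "gid:sid <-> Default rule state <-> Message (rule group)" format above is regular enough to parse mechanically, which is how a practitioner would triage a pack like this: count what landed in each rule group, and pull out the rules that ship DISABLED by default (in this pack that includes the SERVER-WEBAPP command-injection and auth-bypass rules and the rsyslog SERVER-OTHER rule) so they can be reviewed for enabling where the product is deployed. The script below is an added example, not Talos or Snort code. The text it parses is a constructed excerpt of six entries copied from this page, deliberately run together on one line and with one message wrapped across a line break, which is how extracted copies of these notes usually arrive; the parser scans the whole text for " * " markers rather than assuming one entry per line. The gid:sid output form is an assumption chosen to match what SID-management tools such as PulledPork accept in enablesid.conf; check your own tool's syntax.

```python
import re
from collections import Counter

# One entry of the "gid:sid <-> Default rule state <-> Message (rule group)" format.
# Entries start with " * " and, in extracted copies of the notes, may be run together
# on one line or wrapped mid-message, so we scan the whole text with DOTALL rather
# than splitting on newlines.
ENTRY_RE = re.compile(
    r"\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w-]+\.rules)\)",
    re.DOTALL,
)

# Constructed excerpt: six entries from this page, run together and with the
# 1:33868 message wrapped across a line break before its rule group.
SAMPLE = (
    " * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound "
    "communication attempt (malware-cnc.rules) * 1:33855 <-> DISABLED <-> SERVER-WEBAPP "
    "Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules) "
    "* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command "
    "injection attempt (server-webapp.rules) * 1:33868 <-> ENABLED <-> MALWARE-CNC "
    "Win.Trojan.Dridex3 initial outbound communication attempt \n(malware-cnc.rules) "
    "* 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt "
    "(server-other.rules) * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence "
    "Video Communication Server authentication bypass attempt (server-webapp.rules)\n"
)


def parse_rules(text):
    """Parse every entry in text into a dict with gid, sid, state, category, msg, group."""
    rules = []
    for m in ENTRY_RE.finditer(text):
        msg = " ".join(m.group("msg").split())  # collapse whitespace from wrapped lines
        rules.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "category": msg.split(" ", 1)[0],  # leading token, e.g. MALWARE-CNC
            "msg": msg,
            "group": m.group("group"),
        })
    return rules


def count_by_group(rules):
    """Counter keyed by (rule group, default state) -> number of rules."""
    return Counter((r["group"], r["state"]) for r in rules)


def disabled_in_groups(rules, groups):
    """gid:sid strings, in numeric order, of rules shipped DISABLED in the given groups.

    The gid:sid output form is an assumption chosen to match what SID-management
    tools (e.g. PulledPork's enablesid.conf) accept; verify against your own tool.
    """
    wanted = set(groups)
    hits = sorted(
        (r["gid"], r["sid"])
        for r in rules
        if r["state"] == "DISABLED" and r["group"] in wanted
    )
    return [f"{gid}:{sid}" for gid, sid in hits]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for (group, state), n in sorted(count_by_group(parsed).items()):
        print(f"{group:<22} {state:<8} {n}")
    review = disabled_in_groups(parsed, ["server-webapp.rules", "server-other.rules"])
    print("Disabled by default, review for enabling:", ", ".join(review))
```

Run it against the full text of a rule pack (for example, the lists on this page pasted into a file) to get a per-group summary and a candidate list for enablesid.conf; the regex tolerates both the clean one-entry-per-line layout and the run-together extraction form.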
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
* 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
* 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
* 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
* 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
* 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
* 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified rules:

* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New rules:

* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
* 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
* 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
* 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
* 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
* 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
* 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
* 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
* 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
* 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
* 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified rules:

* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
* 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)