Talos Rules 2019-03-08
This release adds and modifies rules.

Talos has added and modified multiple rules in the malware-cnc rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-03-08 21:06:29 UTC

Snort Subscriber Rules Update

Date: 2019-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)

Modified Rules:



2019-03-08 21:06:29 UTC

Snort Subscriber Rules Update

Date: 2019-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)

Modified Rules:



2019-03-08 21:06:29 UTC

Snort Subscriber Rules Update

Date: 2019-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (snort3-malware-cnc.rules)
 * 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (snort3-malware-cnc.rules)
 * 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (snort3-browser-chrome.rules)
 * 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (snort3-browser-chrome.rules)
 * 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (snort3-malware-cnc.rules)
 * 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (snort3-malware-cnc.rules)
 * 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (snort3-malware-cnc.rules)
 * 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (snort3-malware-cnc.rules)

Modified Rules:



2019-03-08 21:06:29 UTC

Snort Subscriber Rules Update

Date: 2019-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)

Modified Rules:



2019-03-08 21:06:29 UTC

Snort Subscriber Rules Update

Date: 2019-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
 * 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
 * 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)

Modified Rules: