Talos Rules 2019-07-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-other, policy-other, protocol-scada, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091400.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (snort3-policy-other.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (snort3-server-other.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (snort3-pua-other.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (snort3-pua-other.rules)
 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (snort3-pua-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules)
 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)

2019-07-25 12:12:26 UTC

Snort Subscriber Rules Update

Date: 2019-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
 * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
 * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
 * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
 * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
 * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules)
 * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules)
 * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
 * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules)
 * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
 * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
 * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules)
 * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules)
 * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)

Modified Rules:


 * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
 * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)