Talos Rules 2020-02-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-identify, file-image, file-office, file-pdf, indicator-obfuscation, malware-cnc, malware-other, os-windows, policy-other, protocol-other, protocol-rpc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (snort3-malware-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (snort3-server-webapp.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (snort3-malware-other.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (snort3-malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (snort3-malware-other.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (snort3-malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (snort3-malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (snort3-indicator-obfuscation.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (snort3-malware-other.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (snort3-malware-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (snort3-policy-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (snort3-malware-cnc.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (snort3-malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (snort3-malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (snort3-malware-other.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (snort3-indicator-obfuscation.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (snort3-policy-other.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (snort3-malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (snort3-malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (snort3-malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (snort3-malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (snort3-malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (snort3-malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (snort3-malware-other.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (snort3-malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (snort3-malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (snort3-malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (snort3-malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (snort3-malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (snort3-malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (snort3-malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (snort3-malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (snort3-malware-other.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (snort3-malware-other.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (snort3-server-webapp.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (snort3-malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (snort3-malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (snort3-malware-other.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (snort3-file-image.rules)
 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (snort3-server-webapp.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (snort3-file-image.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (snort3-protocol-other.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (snort3-malware-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (snort3-malware-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (snort3-policy-other.rules)
 * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (snort3-protocol-other.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (snort3-policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (snort3-server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (snort3-protocol-rpc.rules)

2020-02-25 13:59:25 UTC

Snort Subscriber Rules Update

Date: 2020-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules)
 * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules)
 * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules)
 * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules)
 * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules)
 * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules)
 * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules)
 * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules)
 * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules)
 * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules)
 * 1:53234 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules)
 * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules)
 * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules)
 * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules)
 * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules)
 * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules)
 * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules)
 * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules)
 * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules)
 * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules)
 * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules)
 * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules)
 * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules)
 * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules)
 * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53216 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules)
 * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules)
 * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt (server-webapp.rules)
 * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules)
 * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules)
 * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules)
 * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules)
 * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules)
 * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules)
 * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules)
 * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules)
 * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules)
 * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules)
 * 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
 * 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
 * 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
 * 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
 * 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)

Modified Rules:


 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)