Talos has added and modified multiple rules in the browser-chrome, malware-cnc, malware-other, os-mobile, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (snort3-os-mobile.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (snort3-malware-cnc.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (snort3-malware-other.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (snort3-server-apache.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (snort3-malware-cnc.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (snort3-malware-other.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (snort3-malware-cnc.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (snort3-os-mobile.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (snort3-browser-chrome.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (snort3-policy-other.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (snort3-malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (snort3-malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (snort3-malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (snort3-malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (snort3-malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (snort3-malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (snort3-malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (snort3-malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (snort3-malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (snort3-malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (snort3-malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (snort3-malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (snort3-malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (snort3-malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (snort3-malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (snort3-malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (snort3-malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (snort3-malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (snort3-malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (snort3-malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (snort3-malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (snort3-malware-other.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (snort3-browser-chrome.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (snort3-malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (snort3-malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (snort3-malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (snort3-malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (snort3-malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (snort3-malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (snort3-malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (snort3-malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (snort3-malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (snort3-malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (snort3-malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (snort3-malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (snort3-malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (snort3-malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (snort3-malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (snort3-malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (snort3-malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (snort3-malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (snort3-malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (snort3-malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (snort3-malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (snort3-malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (snort3-malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (snort3-malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (snort3-malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (snort3-malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (snort3-malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (snort3-malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (snort3-malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (snort3-malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (snort3-malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (snort3-malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (snort3-malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (snort3-malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (snort3-malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (snort3-malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (snort3-malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (snort3-malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (snort3-malware-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
* 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
* 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
* 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
* 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
* 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
* 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
* 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
* 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
* 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
* 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER 
Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules) * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules) * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules) * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules) * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules) * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules) * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules) * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules) * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules) * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules) * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)