Talos Rules 2020-02-26
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, malware-cnc, malware-other, os-mobile, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)

Modified Rules:
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)

Modified Rules:
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)

Modified Rules:
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)

Modified Rules:


 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)

Modified Rules:


 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (snort3-os-mobile.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (snort3-malware-cnc.rules)
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (snort3-server-apache.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (snort3-malware-cnc.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (snort3-malware-cnc.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (snort3-os-mobile.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (snort3-browser-chrome.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (snort3-policy-other.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (snort3-malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (snort3-malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (snort3-malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (snort3-malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (snort3-malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (snort3-malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (snort3-malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (snort3-malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (snort3-malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (snort3-malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (snort3-malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (snort3-malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (snort3-malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (snort3-malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (snort3-malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (snort3-malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (snort3-malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (snort3-malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (snort3-malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (snort3-malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (snort3-malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (snort3-malware-other.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (snort3-malware-other.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (snort3-browser-chrome.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (snort3-malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (snort3-malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (snort3-malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (snort3-malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (snort3-malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (snort3-malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (snort3-malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (snort3-malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (snort3-malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (snort3-malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (snort3-malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (snort3-malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (snort3-malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (snort3-malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (snort3-malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (snort3-malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (snort3-malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (snort3-malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (snort3-malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (snort3-malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (snort3-malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (snort3-malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (snort3-malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (snort3-malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (snort3-malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (snort3-malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (snort3-malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (snort3-malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (snort3-malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (snort3-malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (snort3-malware-other.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (snort3-malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (snort3-malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (snort3-malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (snort3-malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (snort3-malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (snort3-malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (snort3-malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)

2020-02-26 13:26:05 UTC

Snort Subscriber Rules Update

Date: 2020-02-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
 * 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
 * 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
 * 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
 * 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
 * 1:53346 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53348 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
 * 1:53347 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53350 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53351 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53349 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
 * 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
 * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules)
 * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules)
 * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules)
 * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules)
 * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules)
 * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules)
 * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules)
 * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules)
 * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules)
 * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules)
 * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download attempt (malware-other.rules)
 * 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
 * 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
 * 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
 * 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
 * 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
 * 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
 * 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
 * 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
 * 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
 * 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
 * 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
 * 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
 * 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
 * 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
 * 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
 * 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
 * 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
 * 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
 * 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
 * 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
 * 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
 * 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
 * 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
 * 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
 * 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
 * 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
 * 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
 * 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
 * 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
 * 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
 * 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
 * 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
 * 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
 * 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
 * 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
 * 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
 * 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
 * 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
 * 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
 * 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
 * 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
 * 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
 * 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
 * 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
 * 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
 * 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
 * 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
 * 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
 * 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
 * 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
 * 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)