Talos Rules 2020-06-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-multimedia, malware-cnc, malware-other, protocol-scada, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (snort3-malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (snort3-malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (snort3-malware-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (snort3-malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (snort3-malware-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (snort3-malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (snort3-malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (snort3-malware-cnc.rules)
 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (snort3-malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (snort3-malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (snort3-malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (snort3-malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (snort3-malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (snort3-malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (snort3-malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (snort3-malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (snort3-server-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (snort3-malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (snort3-malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (snort3-malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (snort3-malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (snort3-malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (snort3-malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (snort3-malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (snort3-malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (snort3-pua-adware.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (snort3-malware-cnc.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (snort3-browser-ie.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (snort3-browser-ie.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (snort3-browser-ie.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (snort3-server-other.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (snort3-server-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (snort3-server-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (snort3-malware-cnc.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (snort3-pua-adware.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (snort3-malware-cnc.rules)

2020-06-02 12:24:47 UTC

Snort Subscriber Rules Update

Date: 2020-06-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
 * 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
 * 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
 * 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
 * 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
 * 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
 * 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
 * 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
 * 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
 * 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
 * 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
 * 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
 * 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
 * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
 * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
 * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
 * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
 * 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
 * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:29423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54023 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:54032 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
 * 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
 * 1:54033 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54031 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 1:54022 <-> DISABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
 * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
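The changelog format stated above (`gid:sid <-> Default rule state <-> Message (rule group)`) is easy to parse, which is useful when you want to know what a rule update actually changes for your sensors before you deploy it: which new rules ship ENABLED and will fire immediately, which ship DISABLED and give no coverage until you turn them on, and which Talos advisories the new gid 3 (shared-object) rules cover. The following is an added example, not Talos's or Snort's own tooling; the sample input is a handful of entries copied from the listing above into the same layout the changelog uses, and the TALOS-YYYY-NNNN extraction assumes only the message wording visible on this page.

```python
import re
from collections import Counter

# One changelog entry: " * gid:sid <-> STATE <-> CATEGORY message (rule group)"
RULE_LINE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z0-9-]+)\s+(?P<message>.*?)\s*\((?P<group>[^()]+)\)\s*$"
)
# Talos advisory identifier as it appears in the TRUFFLEHUNTER rule messages above
TALOS_ID = re.compile(r"TALOS-\d{4}-\d{4}")

# Constructed sample input: a few entries copied from the listing above, in the
# same layout the changelog uses (section heading, blank lines, bullet entries).
SAMPLE = """\
New Rules:


 * 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
 * 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
 * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:54030 <-> DISABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
 * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
"""


def parse_changelog(text):
    """Parse changelog text into a list of dicts, tagging each entry with its section."""
    section = None
    rules = []
    for line in text.splitlines():
        heading = line.strip()
        if heading == "New Rules:":
            section = "new"
            continue
        if heading == "Modified Rules:":
            section = "modified"
            continue
        m = RULE_LINE.match(line)
        if m is None:
            continue  # blank lines, headers and other prose are skipped
        rec = m.groupdict()
        rec["gid"] = int(rec["gid"])
        rec["sid"] = int(rec["sid"])
        rec["section"] = section
        talos = TALOS_ID.search(rec["message"])
        rec["talos_id"] = talos.group(0) if talos else None
        rules.append(rec)
    return rules


def state_summary(rules):
    """Count entries per (section, default state)."""
    return Counter((r["section"], r["state"]) for r in rules)


def disabled_new_rules(rules):
    """New rules shipped DISABLED: they give no coverage until you enable them."""
    return sorted(
        (r["gid"], r["sid"], r["category"], r["message"])
        for r in rules
        if r["section"] == "new" and r["state"] == "DISABLED"
    )


def talos_advisories(rules):
    """Distinct Talos advisory IDs referenced by shared-object (gid 3) rules."""
    return sorted({r["talos_id"] for r in rules if r["gid"] == 3 and r["talos_id"]})


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(state_summary(parsed))
    for gid, sid, category, message in disabled_new_rules(parsed):
        print(f"disabled by default: {gid}:{sid} {category} {message}")
    print("advisories:", talos_advisories(parsed))
```

Feed `parse_changelog` the full text of a release note and `disabled_new_rules` becomes your review list: a DISABLED rule in a category you care about (the Mokes, Zeus and Kuluoz download rules above, for instance) has to be enabled in your policy before the update buys you any detection, while `talos_advisories` tells you which TALOS advisories the new gid 3 rules are tied to so you can match them against the software in your environment.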