Talos has added and modified multiple rules in the file-other, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (snort3-malware-other.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (snort3-malware-tools.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (snort3-malware-tools.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (snort3-malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (snort3-os-windows.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (snort3-malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (snort3-malware-other.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (snort3-server-webapp.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (snort3-malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (snort3-malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (snort3-os-windows.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)
* 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules)