Talos Rules 2020-09-18
This release adds and modifies rules in several categories.

Talos is releasing SIDs 55703 through 55704 to enhance coverage for CVE-2020-1472, including detection of its use by Mimikatz.

Talos has added and modified multiple rules in the malware-other and server-webapp rule sets to provide coverage for emerging threats in these categories.

Change logs

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)
 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)
 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)
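The "gid:sid <-> Default rule state <-> Message (rule group)" format above is simple enough to parse mechanically, which is worth doing when a release like this one spans several Snort versions: the same SIDs should land in every per-version block, and the default state tells you what will actually fire on a sensor before any tuning. The following is an added example, not Talos code and not part of the original changelog. The sample input is constructed from a handful of lines copied from this page (two version blocks, both truncated, with the Snort 3000 block deliberately one SID short so the cross-version check has something to report); the function and field names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: lines copied from the 2020-09-18 changelog, truncated.
# The "3000" block intentionally omits 1:55777 to exercise cross_version_gaps().
SAMPLE_CHANGELOG = """\
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)

Modified Rules:

 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:

 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (snort3-server-webapp.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (snort3-malware-other.rules)

Modified Rules:

 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (snort3-os-windows.rules)
 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (snort3-os-windows.rules)
"""


@dataclass(frozen=True)
class RuleEntry:
    """One ' * gid:sid <-> STATE <-> Message (group)' line, tagged with its block."""
    version: str        # Snort version the block targets, e.g. "2091101"
    section: str        # "New" or "Modified"
    gid: int
    sid: int
    enabled: bool       # default rule state shipped in the pack
    message: str
    group: str          # rule file, e.g. malware-other.rules

    @property
    def category(self) -> str:
        # Messages open with the rule class prefix, e.g. MALWARE-OTHER, OS-WINDOWS.
        return self.message.split(" ", 1)[0]


VERSION_RE = re.compile(r"for Snort version (\d+)\.")
SECTION_RE = re.compile(r"^(New|Modified) Rules:$")
RULE_RE = re.compile(
    r"^\s*\*\s+(\d+):(\d+)\s+<->\s+(ENABLED|DISABLED)\s+<->\s+(.*?)\s+\(([^()]+)\)\s*$"
)


def parse_changelog(text: str) -> List[RuleEntry]:
    """Parse one or more concatenated changelog blocks into RuleEntry records.
    Header and format-description lines carry no leading '*' and are skipped."""
    entries: List[RuleEntry] = []
    version: Optional[str] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.search(line)
        if m:
            version, section = m.group(1), None   # a new per-version block starts
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m and version and section:
            gid, sid, state, msg, group = m.groups()
            entries.append(RuleEntry(version, section, int(gid), int(sid),
                                     state == "ENABLED", msg, group))
    return entries


def default_states(entries: List[RuleEntry], version: str) -> Dict[str, List[int]]:
    """SIDs grouped by default state for one version: what fires without tuning."""
    out: Dict[str, List[int]] = {"ENABLED": [], "DISABLED": []}
    for e in entries:
        if e.version == version:
            out["ENABLED" if e.enabled else "DISABLED"].append(e.sid)
    return {k: sorted(v) for k, v in out.items()}


def coverage_check(entries: List[RuleEntry], sids: Set[int]) -> Dict[str, Dict[int, Optional[bool]]]:
    """Per version block: is each wanted SID present, and enabled by default?
    None means the SID is absent from that block."""
    report: Dict[str, Dict[int, Optional[bool]]] = {}
    for v in sorted({e.version for e in entries}):
        present = {e.sid: e.enabled for e in entries if e.version == v}
        report[v] = {sid: present.get(sid) for sid in sids}
    return report


def cross_version_gaps(entries: List[RuleEntry]) -> Dict[str, Set[int]]:
    """SIDs present in some version block but missing from another. A release
    normally ships the same SIDs to every Snort version, so a gap deserves a look
    before assuming a sensor on that version has the coverage."""
    per_version: Dict[str, Set[int]] = defaultdict(set)
    for e in entries:
        per_version[e.version].add(e.sid)
    union: Set[int] = set().union(*per_version.values()) if per_version else set()
    return {v: union - s for v, s in per_version.items() if union - s}


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    print(default_states(parsed, "2091101"))
    print(coverage_check(parsed, {55703, 55704}))   # the CVE-2020-1472 SIDs
    print(cross_version_gaps(parsed))
```

Run against the full text of this release the same checks show the pattern the lists above make visible by eye: the Netlogon rules 1:55703 and 1:55704 and the elFinder rule 1:55778 are ENABLED by default, while every MALWARE-OTHER download-attempt signature ships DISABLED and has to be switched on explicitly before it contributes any detection.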

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (snort3-malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (snort3-malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (snort3-malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (snort3-malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (snort3-malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (snort3-malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (snort3-malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (snort3-malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (snort3-malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (snort3-malware-other.rules)
 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (snort3-malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (snort3-malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (snort3-malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (snort3-malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (snort3-malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (snort3-malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (snort3-malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (snort3-malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (snort3-malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (snort3-malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (snort3-malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (snort3-malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (snort3-malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (snort3-malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (snort3-malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (snort3-malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (snort3-malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (snort3-malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (snort3-malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (snort3-malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (snort3-malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (snort3-malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (snort3-malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (snort3-malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (snort3-malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (snort3-malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (snort3-malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (snort3-malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (snort3-server-webapp.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (snort3-malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (snort3-os-windows.rules)
 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (snort3-os-windows.rules)

2020-09-18 19:43:08 UTC

Snort Subscriber Rules Update

Date: 2020-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
 * 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
 * 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
 * 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
 * 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
 * 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
 * 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
 * 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
 * 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
 * 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
 * 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
 * 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
 * 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
 * 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
 * 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
 * 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
 * 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
 * 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
 * 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
 * 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
 * 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
 * 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)
 * 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)