Talos Rules 2021-01-26
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image, file-other, indicator-compromise, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (snort3-malware-other.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (snort3-malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (snort3-malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (snort3-malware-other.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (snort3-malware-cnc.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (snort3-malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (snort3-malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (snort3-malware-other.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (snort3-malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (snort3-malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (snort3-malware-other.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (snort3-server-webapp.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (snort3-malware-cnc.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (snort3-malware-other.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (snort3-malware-other.rules)
 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (snort3-malware-cnc.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (snort3-malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (snort3-malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (snort3-malware-other.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (snort3-malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (snort3-malware-other.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (snort3-malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (snort3-server-webapp.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (snort3-malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (snort3-malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (snort3-malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (snort3-malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (snort3-malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (snort3-malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (snort3-malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (snort3-malware-other.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (snort3-malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (snort3-malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (snort3-malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (snort3-malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (snort3-malware-other.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (snort3-server-webapp.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (snort3-indicator-compromise.rules)

2021-01-26 13:54:24 UTC

Snort Subscriber Rules Update

Date: 2021-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
 * 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
 * 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
 * 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
 * 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
 * 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
 * 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
 * 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
 * 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
 * 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
 * 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
 * 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
 * 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
 * 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
 * 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
 * 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
 * 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
 * 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
 * 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
 * 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
 * 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
 * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
 * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
 * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
 * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)

Modified Rules:


 * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)