Talos Rules 2021-01-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-webkit, exploit-kit, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-01-28 14:22:56 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)

2021-01-28 14:22:56 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)

2021-01-28 14:22:56 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)

2021-01-28 14:22:56 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (snort3-malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (snort3-malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (snort3-malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (snort3-malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (snort3-malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (snort3-malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (snort3-malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (snort3-malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (snort3-malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (snort3-server-webapp.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (snort3-malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (snort3-malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (snort3-malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (snort3-malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (snort3-malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (snort3-malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (snort3-malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (snort3-malware-other.rules)
 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (snort3-malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (snort3-malware-other.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (snort3-malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (snort3-malware-other.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (snort3-malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (snort3-server-webapp.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (snort3-malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (snort3-malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (snort3-malware-cnc.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (snort3-malware-other.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (snort3-server-other.rules)
 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (snort3-exploit-kit.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (snort3-malware-cnc.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (snort3-exploit-kit.rules)

2021-01-28 14:22:57 UTC

Snort Subscriber Rules Update

Date: 2021-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
 * 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
 * 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
 * 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
 * 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
 * 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
 * 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
 * 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
 * 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
 * 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
 * 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
 * 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
 * 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
 * 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
 * 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
 * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
 * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)

Modified Rules:


 * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules)