Talos has added and modified multiple rules in the malware-cnc, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 3:61206 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61207 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt (server-webapp.rules)
* 3:61209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt (server-webapp.rules)
* 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61222 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61202 <-> DISABLED <-> MALWARE-OTHER PowerSploit toolkit download attempt (malware-other.rules)
* 1:61217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61223 <-> DISABLED <-> MALWARE-CNC User-Agent Sality malicious user agent (malware-cnc.rules)
* 1:61203 <-> DISABLED <-> MALWARE-OTHER PowerSCCM toolkit download attempt (malware-other.rules)
* 1:61219 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61213 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61205 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61224 <-> DISABLED <-> MALWARE-CNC User-Agent Houdini malicious user agent (malware-cnc.rules)
* 1:61216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61204 <-> DISABLED <-> MALWARE-TOOLS PowerSploit script download attempt (malware-tools.rules)
* 1:61221 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:61215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
* 1:61220 <-> ENABLED <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt (malware-other.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300380 <-> MALWARE-TOOLS PowerSploit script download attempt
* 1:300381 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300382 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300383 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300384 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:300385 <-> MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt
* 1:61202 <-> MALWARE-TOOLS PowerSploit toolkit download attempt
* 1:61203 <-> MALWARE-TOOLS PowerSCCM toolkit download attempt
* 3:61206 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61207 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1701 attack attempt
* 3:61209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2023-1695 attack attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt
* 1:61223 <-> MALWARE-CNC Sality User-Agent outbound communication attmept
* 1:61224 <-> MALWARE-CNC Houdini User-Agent outbound communication attmept
* 1:42886 <-> MALWARE-CNC HttpBrowser User-Agent outbound communication attmept