Talos Rules 2024-02-13
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2024-21338: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 63000 through 63001; Snort 3: GID 1, SID 300825.

Microsoft Vulnerability CVE-2024-21345: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 63004 through 63005; Snort 3: GID 1, SID 300826.

Microsoft Vulnerability CVE-2024-21346: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 62992 through 62993; Snort 3: GID 1, SID 300822.

Microsoft Vulnerability CVE-2024-21371: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 62998 through 62999; Snort 3: GID 1, SID 300824.

Microsoft Vulnerability CVE-2024-21379: A coding deficiency exists in Microsoft Word that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 62994 through 62995; Snort 3: GID 1, SID 300823.

Talos has also added and modified multiple rules in the browser-chrome, browser-ie, file-office, file-other, malware-cnc, malware-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)

Modified Rules:


 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)

Modified Rules:


 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)

Modified Rules:


 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)

Modified Rules:


 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)

Modified Rules:


 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)

Modified Rules:


 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)

Modified Rules:


 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)

Modified Rules:


 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)

Modified Rules:


 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 3:63006 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt (policy-other.rules)
 * 3:63002 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt (server-webapp.rules)
 * 3:63011 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63007 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt (file-other.rules)
 * 3:63003 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt (server-webapp.rules)
 * 3:63012 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt (file-other.rules)
 * 3:63009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)
 * 3:63010 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt (file-other.rules)

Modified Rules:


 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)

2024-02-13 18:44:59 UTC

Snort Subscriber Rules Update

Date: 2024-02-13

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:62999 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:62992 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:63000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:62989 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt (malware-other.rules)
 * 1:62991 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62983 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62994 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62985 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62986 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:63001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt (os-windows.rules)
 * 1:63005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)
 * 1:62995 <-> DISABLED <-> FILE-OFFICE Microsoft Word remote code execution attempt (file-office.rules)
 * 1:62990 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
 * 1:62997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection (malware-cnc.rules)
 * 1:62987 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62993 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:62984 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt (malware-cnc.rules)
 * 1:62998 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt (os-windows.rules)
 * 1:63004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt (os-windows.rules)

Modified Rules:


 * 1:36950 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:62640 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt (server-webapp.rules)
 * 1:36951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:40360 <-> DISABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)

2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:09 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt


2024-02-13 18:48:10 UTC

Snort Subscriber Rules Update

Date: 2024-02-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300818 <-> MALWARE-OTHER Win.Ransomware.GhostLocker WordPress admin portal login attempt
* 1:300819 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:300820 <-> MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt
* 1:300821 <-> BROWSER-CHROME Google Chrome FileReader use after free attempt
* 1:300822 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:300823 <-> FILE-OFFICE Microsoft Word remote code execution attempt
* 1:300824 <-> OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt
* 1:300825 <-> OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt
* 1:300826 <-> OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt
* 1:62987 <-> MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt
* 1:62996 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 1:62997 <-> MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection
* 3:63002 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1932 attack attempt
* 3:63003 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1934 attack attempt
* 3:63006 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1933 attack attempt
* 3:63007 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63008 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1917 attack attempt
* 3:63009 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63010 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1919 attack attempt
* 3:63011 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt
* 3:63012 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1918 attack attempt

Modified Rules:

* 1:36950 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:36951 <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt
* 1:40360 <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt