Talos has added and modified multiple rules in the malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (snort3-malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (snort3-malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (snort3-server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (snort3-malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (snort3-malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (snort3-malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (snort3-malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (snort3-malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (snort3-malware-other.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (snort3-malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (snort3-malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
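Every change list above uses the "gid:sid <-> Default rule state <-> Message (rule group)" format, and the six lists carry the same 24 rules (SIDs 50041 through 50064), differing only in order and, for the Snort 3 pack, in the snort3- prefix on the rule file names. The Python below is an added example, not code from Talos or the Snort project: it parses that format (including lists that have been run together onto one line, as web copies of these advisories often are), counts entries per rule file, and diffs two packs by gid:sid so that a coverage gap or a default-state change between packs is visible before the rules are deployed. The first two sample inputs are four-entry excerpts of the Snort 2091300 and Snort 3000 lists above; the third sample, in which one rule is DISABLED and one is absent, is constructed only to exercise the diff and does not correspond to any real release.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One change-list entry: "gid:sid <-> STATE <-> MESSAGE (rule-file)".
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>[A-Z]+)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[A-Za-z0-9._-]+)\)$"
)
# Entries begin with "* gid:sid <->"; splitting on that lets lists that were
# run together onto one line parse exactly like one-entry-per-line lists.
SPLIT_RE = re.compile(r"(?:^|\s)\*\s*(?=\d+:\d+\s*<->)")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    message: str
    group: str

    @property
    def key(self) -> tuple[int, int]:
        return (self.gid, self.sid)


def parse_changelist(text: str) -> list[RuleEntry]:
    """Parse an advisory change list into RuleEntry records, keeping input order."""
    entries: list[RuleEntry] = []
    # chunks[0] is whatever precedes the first bullet (a header line, or nothing).
    for chunk in SPLIT_RE.split(text)[1:]:
        chunk = " ".join(chunk.split())  # undo line wrapping inside an entry
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable entry: {chunk!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], m["msg"], m["group"]))
    return entries


def normalize_group(group: str) -> str:
    """Snort 3 packs ship the same rule files under a 'snort3-' prefix."""
    return group[len("snort3-"):] if group.startswith("snort3-") else group


def count_by_group(entries: list[RuleEntry]) -> dict[str, int]:
    """Number of entries per normalized rule file, sorted by file name."""
    counts: dict[str, int] = {}
    for e in entries:
        g = normalize_group(e.group)
        counts[g] = counts.get(g, 0) + 1
    return dict(sorted(counts.items()))


def compare_packs(a: list[RuleEntry], b: list[RuleEntry]) -> dict[str, list]:
    """Diff two change lists by gid:sid.

    Reports keys present only in a, only in b, and (a_entry, b_entry) pairs
    present in both whose default state, message or normalized file differ."""
    ia = {e.key: e for e in a}
    ib = {e.key: e for e in b}
    changed = []
    for k in sorted(ia.keys() & ib.keys()):
        x, y = ia[k], ib[k]
        if (x.state, x.message, normalize_group(x.group)) != (y.state, y.message, normalize_group(y.group)):
            changed.append((x, y))
    return {
        "only_in_a": sorted(k for k in ia if k not in ib),
        "only_in_b": sorted(k for k in ib if k not in ia),
        "changed": changed,
    }


# Sample inputs: four-entry excerpts of the 2091300 and 3000 lists (the first
# one run together on a single line, as the advisory renders on the web).
SNORT_2913 = "* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules) * 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules) * 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules) * 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)"

SNORT_3 = """* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (snort3-server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (snort3-malware-other.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (snort3-malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (snort3-malware-cnc.rules)"""

# Constructed, hypothetical pack (not a real release): 50041 disabled, 50056 missing.
HYPOTHETICAL_PACK = """* 1:50041 <-> DISABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)"""


if __name__ == "__main__":
    a, b = parse_changelist(SNORT_2913), parse_changelist(SNORT_3)
    print("2091300 entries per rule file:", count_by_group(a))
    print("3000 vs 2091300:", compare_packs(a, b))
    print("hypothetical vs 2091300:", compare_packs(a, parse_changelist(HYPOTHETICAL_PACK)))
```

Comparing the 2091300 and 3000 excerpts yields an empty diff, because the only difference is the snort3- file prefix, which compare_packs deliberately ignores. Against the hypothetical pack it reports 1:50056 as missing and 1:50041 as changed, which is the kind of discrepancy worth catching when the same detection content is expected on mixed Snort 2 and Snort 3 sensors.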