Talos has added and modified multiple rules in the malware-other, policy-other, protocol-scada, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091400.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (snort3-policy-other.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (snort3-server-other.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (snort3-pua-other.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (snort3-pua-other.rules) * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (snort3-pua-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (snort3-server-webapp.rules)
* 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules) * 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules) * 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules) * 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules) * 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules) * 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
