Talos is releasing Snort coverage to protect against ongoing cyber operations against Ukraine. These new Snort rules provide protection against the following malware families: Redline (SID 59160), IsaacWiper (SIDs 59163-59164), SunSeed Lua (SIDs 59165-59173), HermeticRansom (SIDs 59154-59159), Vidar (SIDs 59200-59203), and WhiteBlackCrypt (SIDs 59161-59162).
Talos has added and modified multiple rules in the deleted, malware-cnc, malware-other and os-windows rule sets to provide coverage for these emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
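As an added example (not Talos's own tooling), here is a small Python parser for the `gid:sid <-> Default rule state <-> Message (rule group)` listing format above. It reads entries even where several are run together on one line, and reports which of the SIDs the announcement names ship DISABLED by default, since a sensor only gets the advertised coverage once those rules are enabled locally; the sample entries and the family-to-SID map are constructed from this page.

```python
"""Parse a Talos rule-update listing and audit default rule states."""
import re
from dataclasses import dataclass

# Constructed sample in the page's listing format. The second line deliberately
# carries two entries run together, as the extracted page does.
SAMPLE_2091900 = """\
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules) * 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
"""

# One entry: gid:sid <-> STATE <-> message (group.rules)
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str   # "ENABLED" or "DISABLED" (the pack's default, not your sensor's)
    msg: str     # rule message; starts with "DELETED" for retired rules
    group: str   # rule file, e.g. "malware-cnc.rules"


def parse_listing(text):
    """Return {sid: RuleEntry}. Entries may be one per line or run together."""
    entries = {}
    for line in text.splitlines():
        # Splitting on the bullet separator recovers entries that share a line.
        for chunk in line.split("* "):
            m = ENTRY_RE.search(chunk)
            if m:
                e = RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], m["msg"], m["group"])
                entries[e.sid] = e
    return entries


# Families and SID ranges exactly as the announcement states them.
ADVERTISED = {
    "Redline": range(59160, 59161),
    "IsaacWiper": range(59163, 59165),
    "SunSeed Lua": range(59165, 59174),
    "HermeticRansom": range(59154, 59160),
    "Vidar": range(59200, 59204),
    "WhiteBlackCrypt": range(59161, 59163),
}


def disabled_by_default(entries, advertised=ADVERTISED):
    """Map family -> sorted SIDs that ship DISABLED; these need enabling locally."""
    out = {}
    for family, sids in advertised.items():
        off = sorted(s for s in sids if s in entries and entries[s].state == "DISABLED")
        if off:
            out[family] = off
    return out


def missing_from_listing(entries, advertised=ADVERTISED):
    """Advertised SIDs that do not appear in the parsed listing at all."""
    return sorted(s for sids in advertised.values() for s in sids if s not in entries)


def state_changes(old, new):
    """SIDs whose default state differs between two rule-pack listings."""
    return {sid: (old[sid].state, new[sid].state)
            for sid in old.keys() & new.keys() if old[sid].state != new[sid].state}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_2091900)
    for family, sids in disabled_by_default(parsed).items():
        print(f"{family}: enable {sids} to get the advertised coverage")
    print("advertised SIDs absent from this sample:", missing_from_listing(parsed))
```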
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (snort3-malware-other.rules)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (snort3-malware-other.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (snort3-malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (snort3-malware-cnc.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (snort3-malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (snort3-malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (snort3-malware-cnc.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (snort3-malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (snort3-malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (snort3-malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (snort3-malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (snort3-malware-cnc.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (snort3-malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (snort3-malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (snort3-malware-tools.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (snort3-malware-tools.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (snort3-malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (snort3-malware-cnc.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (snort3-malware-cnc.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (snort3-malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (snort3-malware-cnc.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (snort3-malware-cnc.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (snort3-malware-other.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (snort3-malware-cnc.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (snort3-malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (snort3-malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (snort3-malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (snort3-malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (snort3-malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (snort3-malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-deleted.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-deleted.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (snort3-malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (snort3-malware-other.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59200 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59167 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:59193 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59176 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59171 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59198 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt (malware-other.rules)
* 1:59165 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59175 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59201 <-> DISABLED <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt (malware-other.rules)
* 1:59202 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59203 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt (malware-cnc.rules)
* 1:59204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt (malware-other.rules)
* 1:59205 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt (malware-other.rules)
* 1:59185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59206 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt (malware-other.rules)
* 1:59207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt (malware-other.rules)
* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59157 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59159 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59181 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules)
* 1:59184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59158 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)
* 1:59188 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59156 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59183 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59161 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59190 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59168 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt (malware-cnc.rules)
* 1:59155 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules)
* 1:59208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:59166 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59199 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt (malware-other.rules)
* 1:59196 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent download attempt (malware-other.rules)
* 1:59180 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt (malware-other.rules)
* 1:59182 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59179 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59186 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59172 <-> DISABLED <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt (malware-other.rules)
* 1:59177 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59178 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59173 <-> ENABLED <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt (malware-cnc.rules)
* 1:59187 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59189 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59162 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt (malware-other.rules)
* 1:58990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection (malware-cnc.rules)
* 1:59197 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Agent upload attempt (malware-other.rules)
* 1:59191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules)
* 1:59170 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
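Added example (my own code, not Talos's): a small Python parser for the list format used in the three lists above, gid:sid <-> Default rule state <-> Message (rule group), which also accepts the shorter Snort 3.x form gid:sid <-> Message that appears further down. It pulls out the two things a rule deployer acts on when applying this release: the SIDs for a given family that ship DISABLED by default (in these lists every HermeticRansom, IsaacWiper and WhiteBlackCrypt rule does, so that coverage fires only if you enable it), and the SIDs retired to deleted.rules (1:59192 and 1:59193), which should no longer be relied on. The sample entries are copied from this page; the class and function names are mine.

```python
"""Parse Talos rule-release lists and report what a deployer must act on.
Added example, not Talos code.  Handles both shapes seen on this page:
  * gid:sid <-> ENABLED|DISABLED <-> Message (group.rules)   (Snort 2.9.x lists)
  * gid:sid <-> Message                                       (Snort 3.x lists)
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

RULE_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.*?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)
# Talos names detections platform.type.family (Win.Ransomware.HermeticRansom,
# Xls.Downloader.SunSeed, Unix.Trojan.CyclopsBlink); the family is the last part.
FAMILY_RE = re.compile(r"\b(?:Win|Xls|Unix)\.\w+\.(\w+)")


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: Optional[str]   # None when the list carries no default state
    msg: str
    group: Optional[str]   # None when the list carries no rule group

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def family(self) -> Optional[str]:
        m = FAMILY_RE.search(self.msg)
        return m.group(1) if m else None


def parse_rules(text: str) -> list:
    """Accept entries one per line or run together on one line separated
    by ' * ' (the flattened form the lists on this page arrived in)."""
    rules = []
    for chunk in re.split(r"\s+\*\s+", text.strip()):
        m = RULE_RE.match(chunk.strip())
        if m:
            rules.append(Rule(int(m["gid"]), int(m["sid"]), m["state"],
                              m["msg"].strip(), m["group"]))
    return rules


def _sid_order(key: str):
    return tuple(int(x) for x in key.split(":"))


def disabled_by_default(rules, families) -> list:
    """gid:sid of rules covering the named families that ship DISABLED,
    i.e. the ones you must enable yourself to get that coverage."""
    wanted = set(families)
    return sorted({r.key for r in rules
                   if r.state == "DISABLED" and r.family in wanted}, key=_sid_order)


def retired_rules(rules) -> list:
    """gid:sid of rules moved to deleted.rules; do not count on them firing."""
    return sorted({r.key for r in rules
                   if r.msg.startswith("DELETED ")
                   or (r.group or "").endswith("deleted.rules")}, key=_sid_order)


def coverage_summary(rules) -> dict:
    """family -> Counter of default states, so gaps show at a glance."""
    summary = defaultdict(Counter)
    for r in rules:
        if r.family:
            summary[r.family][r.state or "UNSPECIFIED"] += 1
    return dict(summary)


# Constructed sample: entries copied from the lists on this page, in the
# run-together form, plus one entry on its own line.
SAMPLE = (
    "* 1:59163 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules) "
    "* 1:59164 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt (malware-tools.rules) "
    "* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules) "
    "* 1:59154 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt (malware-other.rules) "
    "* 1:59192 <-> DISABLED <-> DELETED MALWARE-OTHER Win.Trojan.WhisperGate download attempt (deleted.rules) "
    "* 1:59174 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) "
    "* 1:58991 <-> ENABLED <-> MALWARE-OTHER Windows Defender disable script detected (malware-other.rules)\n"
    "* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)"
)
# Constructed sample in the Snort 3.x shape (no default state, no rule group).
SAMPLE_SNORT3 = (
    "* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt "
    "* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt"
)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("enable for wiper/ransomware coverage:",
          disabled_by_default(rules, {"IsaacWiper", "HermeticRansom", "WhiteBlackCrypt"}))
    print("retired:", retired_rules(rules))
    for fam, states in sorted(coverage_summary(rules).items()):
        print(f"{fam:16s} {dict(states)}")
```

Feed it the full list for your Snort version and the first output is the enablesid list to apply; check the summary for families where every rule is DISABLED, since those families have no default coverage at all.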
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate
download attempt * 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt * 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt * 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt * 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt * 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt * 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt * 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt * 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt * 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt * 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt * 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt * 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt * 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection * 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
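The lists on this page are plain "gid:sid <-> Message" lines; the Snort 2 list earlier on the page additionally carries the default rule state and the rule group in parentheses. The following Python is an added example, not Talos or Snort code: it parses both formats, tolerates entries that extraction has run together on one line, groups SIDs by the Platform.Type.Name family token in the message (Win.Trojan.Redline, Xls.Downloader.SunSeed, Unix.Trojan.CyclopsBlink; the naming convention is assumed from the lists here), collapses SIDs into the "a-b" ranges the release summary uses, checks a claimed range against what the list actually attributes to a family, and flags rules that ship DISABLED. The sample entries are constructed for the example and are not the complete list.

```python
"""Parse Talos rule-update lists ("gid:sid <-> Message", with or without the
Snort 2 "<-> ENABLED/DISABLED <->" state and "(x.rules)" group) and summarize
coverage per malware family.  Added example; not Talos or Snort code."""
import re
from collections import defaultdict

# Constructed sample: a few entries in the two list formats the release notes
# use, deliberately run together on one line the way HTML-to-text extraction
# leaves them.  Not the complete list.
SAMPLE = (
    "* 1:59160 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules) "
    "* 1:59169 <-> DISABLED <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt (malware-cnc.rules)\n"
    "* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt "
    "* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt\n"
    "* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt\n"
    "* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt\n"
)

# One entry: "* gid:sid <-> [STATE <->] CLASSTYPE message [(group.rules)]".
ENTRY_RE = re.compile(
    r"^\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.*?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)
# Talos names families Platform.Type.Name (Win.Trojan.Redline,
# Xls.Downloader.SunSeed, Unix.Trojan.CyclopsBlink).  Assumed convention.
FAMILY_RE = re.compile(r"\b[A-Z][a-z]+\.[A-Z][A-Za-z]+\.[A-Za-z0-9]+\b")
# Every entry starts with "* <digits>:<digits> <->"; splitting there makes
# run-together lines parse the same as one-entry-per-line text.
SPLIT_RE = re.compile(r"(?=\*\s*\d+:\d+\s*<->)")


def parse_rules(text):
    """Return one dict per entry; 'state' and 'group' are None in the Snort 3 format."""
    rules = []
    for chunk in SPLIT_RE.split(text):
        chunk = chunk.strip()
        if not chunk.startswith("*"):
            continue  # header lines such as "gid:sid <-> Message"
        m = ENTRY_RE.match(chunk)
        if not m:
            raise ValueError(f"unparsed entry: {chunk!r}")
        msg = m.group("msg")
        rules.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "classtype": msg.split(" ", 1)[0],  # e.g. MALWARE-CNC
            "msg": msg,
            "group": m.group("group"),
        })
    return rules


def by_family(rules):
    """Map family name (or classtype when the message names no family) -> {(gid, sid)}."""
    out = defaultdict(set)
    for r in rules:
        fam = FAMILY_RE.search(r["msg"])
        out[fam.group(0) if fam else r["classtype"]].add((r["gid"], r["sid"]))
    return dict(out)


def sid_ranges(sids):
    """Collapse SIDs into the 'a-b' ranges the release summary uses."""
    sids = sorted(set(sids))
    ranges, i = [], 0
    while i < len(sids):
        j = i
        while j + 1 < len(sids) and sids[j + 1] == sids[j] + 1:
            j += 1
        ranges.append(f"{sids[i]}-{sids[j]}" if j > i else str(sids[i]))
        i = j + 1
    return ranges


def missing_sids(rules, family, claimed):
    """Claimed SIDs that the list does not attribute to `family`."""
    have = {sid for _, sid in by_family(rules).get(family, set())}
    return sorted(set(claimed) - have)


def disabled_sids(rules):
    """SIDs shipped DISABLED by default: listed coverage that will not fire until
    the policy enables it.  Only the Snort 2 format carries the state."""
    return {r["sid"] for r in rules if r["state"] == "DISABLED"}


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for fam, ids in sorted(by_family(parsed).items()):
        print(f"{fam:40} SIDs {', '.join(sid_ranges(s for _, s in ids))}")
    print("disabled by default:", sorted(disabled_sids(parsed)))
```

Feed the page's lists to parse_rules and compare missing_sids against the ranges quoted in the release summary before treating a family as covered. Note that the Snort 3 lists here omit the default state, so disabled_sids only tells you something for the Snort 2 list; for Snort 3 sensors, check the rule state in your own policy, because a rule being in the pack is not the same as it being enabled.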
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
The rule list for this version is identical to the list given above for Snort version 3.1.5.0.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
The rule list for this version is identical to the list given above for Snort version 3.1.5.0.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
The rule list for this version is identical to the list given above for Snort version 3.1.5.0.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate
download attempt * 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt * 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt * 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt * 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt * 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt * 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt * 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt * 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt * 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt * 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt * 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt * 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt * 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection * 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:58990 <-> MALWARE-CNC Win.Trojan.Saintbot variant outbound connection
* 1:58991 <-> MALWARE-OTHER Windows Defender disable script detected
* 3:59118 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59119 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59120 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt
* 3:59121 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59122 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59123 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59124 <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt
* 3:59125 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59130 <-> MALWARE-TOOLS Bombardier http DoS tool
* 1:59131 <-> MALWARE-OTHER Win.Trojan.Generic download attempt
* 1:59132 <-> MALWARE-OTHER Win.Trojan.Generic upload attempt
* 1:59133 <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt
* 1:59134 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59135 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59136 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59137 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59138 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59139 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59140 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59141 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt
* 1:59142 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 1:59143 <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt
* 3:59144 <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt
* 1:59145 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59146 <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt
* 1:59147 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59148 <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt
* 1:59149 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59150 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 3:59151 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt
* 3:59152 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt
* 3:59153 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt
* 1:59154 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59155 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59156 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59157 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59158 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59159 <-> MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt
* 1:59160 <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected
* 1:59161 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59162 <-> MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt
* 1:59163 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59164 <-> MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt
* 1:59165 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59166 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59167 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59168 <-> MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt
* 1:59169 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59170 <-> MALWARE-CNC Win.Malware.SunSeed payload download attempt attempt
* 1:59171 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59172 <-> MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt
* 1:59173 <-> MALWARE-CNC Xls.Downloader.SunSeed payload download attempt
* 1:59174 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59175 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59176 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59177 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59178 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59179 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59180 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59181 <-> MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt
* 1:59182 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59183 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59184 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59185 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59186 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59187 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59188 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59189 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59190 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59191 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59194 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59195 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt
* 1:59196 <-> MALWARE-OTHER Win.Loader.Agent download attempt
* 1:59197 <-> MALWARE-OTHER Win.Loader.Agent upload attempt
* 1:59198 <-> MALWARE-OTHER Win.Downloader.Saintbot download attempt
* 1:59199 <-> MALWARE-OTHER Win.Downloader.Saintbot upload attempt
* 1:59200 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59201 <-> MALWARE-OTHER Win.Infostealer.Vidar download attempt
* 1:59202 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59203 <-> MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt
* 1:59204 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt
* 1:59205 <-> MALWARE-OTHER Win.Trojan.Saintbot variant binary upload attempt
* 1:59206 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary upload attempt
* 1:59207 <-> MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt
* 1:59208 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 1:59209 <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
* 3:54028 <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt