Talos Rules 2024-10-08
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2024-43502: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64083 through 64084, Snort 3: GID 1, SID 301034.

Microsoft Vulnerability CVE-2024-43560: A coding deficiency exists in Microsoft Windows Storage Port Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64111 through 64112, Snort 3: GID 1, SID 301041.

Microsoft Vulnerability CVE-2024-43572: A coding deficiency exists in Microsoft Management Console that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64085 through 64086, Snort 3: GID 1, SID 301035.

Microsoft Vulnerability CVE-2024-43573: A coding deficiency exists in Microsoft Windows MSHTML Platform that may lead to spoofing.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64089 through 64090, Snort 3: GID 1, SID 301036.

Talos has added multiple rules to the malware-other, os-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies. Note that every new GID 1 rule in this release, including those covering the four Microsoft vulnerabilities above, ships DISABLED by default; only the GID 3 TRUFFLEHUNTER rules (3:64087 and 3:64088) are enabled, so the Microsoft coverage takes effect only after the relevant SIDs are enabled in your policy.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:
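
The gid:sid <-> state <-> message (group) lines above are easy to machine-check, and checking them is worth doing because the CVE coverage rules ship DISABLED. The following Python is an added example, not Talos tooling: it parses a constructed excerpt of this change log together with the advisory's coverage sentences, expands each "SIDs N through M" range, reports any Snort 2 SID the advisory cites that is absent from the New Rules list, and returns the CVE coverage rules that are DISABLED as gid:sid strings (the form PulledPork's enablesid.conf accepts; that is an assumption about the tool, not something this page states). The change-log excerpt deliberately omits 1:64111 and 1:64112 so the missing-SID check has something to report, and groups_touched lists the rule groups actually present in the excerpt.

```python
"""Cross-check a Talos rules update: advisory SID coverage vs. the change log.
Added example, not Talos tooling. Inputs are constructed excerpts of the page."""
import re
from dataclasses import dataclass

# Constructed excerpt of the change log in its "gid:sid <-> state <-> msg (group)"
# format. 1:64111 and 1:64112 are left out on purpose so the missing-SID check fires.
CHANGELOG = """\
New Rules:

 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:
"""

# Constructed excerpt of the advisory's CVE and coverage sentences.
ADVISORY = """\
Microsoft Vulnerability CVE-2024-43502: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64083 through 64084, Snort 3: GID 1, SID 301034.
Microsoft Vulnerability CVE-2024-43560: A coding deficiency exists in Microsoft Windows Storage Port Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64111 through 64112, Snort 3: GID 1, SID 301041.
Microsoft Vulnerability CVE-2024-43572: A coding deficiency exists in Microsoft Management Console that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SIDs 64085 through 64086, Snort 3: GID 1, SID 301035.
"""


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str


# One change-log entry: " * gid:sid <-> ENABLED|DISABLED <-> message (group.rules)"
RULE_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>ENABLED|DISABLED)"
    r"\s+<->\s+(?P<msg>.*?)\s+\((?P<group>[\w.-]+)\)\s*$"
)
CVE_RE = re.compile(r"\b(CVE-\d{4}-\d{4,})\b")
# "Snort 2: GID 1, SIDs 64083 through 64084, Snort 3: GID 1, SID 301034"
COVER_RE = re.compile(
    r"Snort 2: GID (?P<g2>\d+), SIDs? (?P<a2>\d+)(?: through (?P<b2>\d+))?, "
    r"Snort 3: GID (?P<g3>\d+), SIDs? (?P<a3>\d+)(?: through (?P<b3>\d+))?"
)


def parse_changelog(text):
    """Map (gid, sid) -> Rule; headers, blanks and other prose are skipped."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            gid, sid = int(m["gid"]), int(m["sid"])
            rules[(gid, sid)] = Rule(gid, sid, m["state"] == "ENABLED", m["msg"], m["group"])
    return rules


def _expand(gid, first, last):
    """Expand 'SIDs first through last' (or a single SID) into (gid, sid) pairs."""
    return [(int(gid), s) for s in range(int(first), int(last or first) + 1)]


def parse_advisory(text):
    """Map CVE -> {'snort2': [(gid, sid)...], 'snort3': [...]} from the coverage sentences."""
    coverage, current = {}, None
    for line in text.splitlines():
        cve = CVE_RE.search(line)
        if cve:
            current = cve.group(1)
            coverage.setdefault(current, {"snort2": [], "snort3": []})
        m = COVER_RE.search(line)
        if m and current:
            coverage[current]["snort2"] += _expand(m["g2"], m["a2"], m["b2"])
            coverage[current]["snort3"] += _expand(m["g3"], m["a3"], m["b3"])
    return coverage


def check_coverage(coverage, rules):
    """Per CVE: cited Snort 2 SIDs absent from the change log, and present-but-DISABLED ones."""
    return {
        cve: {
            "missing": [k for k in ids["snort2"] if k not in rules],
            "disabled": [k for k in ids["snort2"] if k in rules and not rules[k].enabled],
        }
        for cve, ids in coverage.items()
    }


def enablesid_entries(report):
    """'gid:sid' strings for CVE coverage rules that ship DISABLED (PulledPork enablesid form, assumed)."""
    pairs = {k for r in report.values() for k in r["disabled"]}
    return [f"{g}:{s}" for g, s in sorted(pairs)]


def groups_touched(rules):
    """Rule groups actually present, without the .rules suffix."""
    return sorted({r.group.removesuffix(".rules") for r in rules.values()})


if __name__ == "__main__":
    rules = parse_changelog(CHANGELOG)
    report = check_coverage(parse_advisory(ADVISORY), rules)
    for cve, r in report.items():
        print(cve, "missing:", r["missing"], "disabled:", r["disabled"])
    print("enable:", ", ".join(enablesid_entries(report)))
    print("groups:", groups_touched(rules))
```

Run against the full release text, the "missing" list should be empty for all four CVEs and the "disabled" list should contain all eight GID 1 SIDs cited above; a non-empty "missing" list on a real feed means the advisory and the rule pack you actually downloaded are out of step.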



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:24:34 UTC

Snort Subscriber Rules Update

Date: 2024-10-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64109 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64108 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64105 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64104 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt (malware-other.rules)
 * 1:64103 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64110 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor download attempt (malware-other.rules)
 * 1:64080 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64081 <-> DISABLED <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt (server-webapp.rules)
 * 1:64082 <-> DISABLED <-> POLICY-OTHER Inductive Automation Ignition project listing request detected (policy-other.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64084 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:64085 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64086 <-> DISABLED <-> OS-WINDOWS Microsoft Management Console remote code execution attempt (os-windows.rules)
 * 1:64089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt (os-windows.rules)
 * 1:64102 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64091 <-> DISABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt (server-webapp.rules)
 * 1:64092 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64093 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64094 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64107 <-> DISABLED <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt (malware-other.rules)
 * 1:64095 <-> DISABLED <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt (malware-other.rules)
 * 1:64096 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64097 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64098 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64099 <-> DISABLED <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt (malware-other.rules)
 * 1:64100 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64101 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt (server-webapp.rules)
 * 1:64106 <-> DISABLED <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt (malware-other.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
 * 3:64088 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message
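Both line shapes used in these change logs (the Snort 2 form "gid:sid <-> Default rule state <-> Message (rule group)" and the Snort 3 form "gid:sid <-> Message" above) are simple enough to parse mechanically, which is what an operator needs when a release ships its CVE coverage DISABLED by default, as every GID 1 rule listed on this page does. The following parser is an added example written for this page; it is not Talos or Snort tooling. The Rule class, the function names and the sample lines are the example's own (the sample is a constructed excerpt of lines copied from this page), and the "gid:sid" output lines assume the enablesid.conf syntax that PulledPork reads.

```python
"""Parse Talos/Snort change-log rule lines and list the rules that need enabling.

Added example for this page, not Talos tooling. Handles both shapes seen here:
  Snort 2:  " * gid:sid <-> ENABLED|DISABLED <-> Message (group.rules)"
  Snort 3:  "* gid:sid <-> Message"
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Snort 2 shape, tried first: the Snort 3 pattern below would also match these lines.
_SNORT2 = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w-]+)\.rules\)\s*$"
)
# Snort 3 shape: no default state and no rule-file name on the line.
_SNORT3 = re.compile(r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<msg>.+?)\s*$")


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    msg: str
    state: Optional[str]  # "ENABLED"/"DISABLED" for Snort 2 lines, None for Snort 3 lines
    group: str            # rule-file stem such as "os-windows"


def parse_line(line: str) -> Optional[Rule]:
    """Return a Rule for a change-log rule line, or None for headers and blank lines."""
    m = _SNORT2.match(line)
    if m:
        return Rule(int(m["gid"]), int(m["sid"]), m["msg"], m["state"], m["group"])
    m = _SNORT3.match(line)
    if m:
        msg = m["msg"]
        # Snort 3 lines carry no file name; the message's category prefix is the group.
        return Rule(int(m["gid"]), int(m["sid"]), msg, None, msg.split(" ", 1)[0].lower())
    return None


def parse_changelog(text: str) -> List[Rule]:
    """Parse a whole change-log section, skipping format headers and list titles."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r is not None]


def coverage(rules: List[Rule], keyword: str) -> List[Tuple[int, int]]:
    """All (gid, sid) pairs whose message mentions keyword, Snort 2 and Snort 3 alike."""
    k = keyword.lower()
    return sorted((r.gid, r.sid) for r in rules if k in r.msg.lower())


def disabled_by_default(rules: List[Rule], keyword: str) -> List[Tuple[int, int]]:
    """Matching rules that ship DISABLED, i.e. that fire only if the operator enables them."""
    k = keyword.lower()
    return sorted((r.gid, r.sid) for r in rules if r.state == "DISABLED" and k in r.msg.lower())


def enablesid_lines(pairs: List[Tuple[int, int]]) -> List[str]:
    """'gid:sid' lines in the shape PulledPork's enablesid.conf accepts (assumed here)."""
    return [f"{gid}:{sid}" for gid, sid in pairs]


# Constructed sample: a handful of lines copied from this page, with the surrounding headers.
SAMPLE_CHANGELOG = """\
Snort Subscriber Rules Update

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt (os-windows.rules)
 * 1:64083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 3:64087 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt (os-other.rules)
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt

Modified Rules:
"""

if __name__ == "__main__":
    rules = parse_changelog(SAMPLE_CHANGELOG)
    # Print the enablesid lines for the CVE-2024-43560 coverage, which ships DISABLED.
    for line in enablesid_lines(disabled_by_default(rules, "Storage Port Driver")):
        print(line)
```

Run against a full change log, coverage() shows every SID Talos mapped to a product (both Snort 2 and Snort 3 SIDs), while disabled_by_default() shows the subset that will not fire on a stock install until it is enabled; the GID 3 TRUFFLEHUNTER rules are the only ones on this page that ship ENABLED. Because Snort 3 lines carry no default state, the parser leaves state as None for them rather than guessing.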

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:



2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301035 <-> OS-WINDOWS Microsoft Management Console remote code execution attempt
* 1:301036 <-> OS-WINDOWS Microsoft Windows MSHTML platform spoofing attempt
* 1:301037 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301038 <-> MALWARE-OTHER Win.Loader.PUBLOAD variant download attempt
* 1:301039 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301040 <-> MALWARE-OTHER Win.Stealer.FDMTP variant download attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64080 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64081 <-> SERVER-WEBAPP Alteneregy Power Control Software command injection attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 3:64088 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64100 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64101 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64102 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64103 <-> SERVER-WEBAPP D-Link DIR-820 Router OS command injection attempt
* 1:64104 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64105 <-> MALWARE-OTHER Win.Exploit.ElevationStation download attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt
* 1:64107 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64108 <-> MALWARE-OTHER Win.Loader.InSwor shellcode download attempt
* 1:64109 <-> MALWARE-OTHER Win.Loader.InSwor download attempt
* 1:64110 <-> MALWARE-OTHER Win.Loader.InSwor download attempt

Modified Rules:


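The lists above are plain text in the `gid:sid <-> Message` shape, which makes them easy to parse when you want to confirm that a deployed pack actually carries the SIDs an advisory quotes, or to see what changed between two packs. The following Python script is an added example, not Talos tooling: it splits a changelog into its new and modified lists, pulls out the rules inside a quoted gid/SID range, tallies rule categories, and diffs the new-rule sets of two changelogs. The sample text is an excerpt of the 3.1.5.0 list above; the shorter "older pack" text and the DISABLED/rule-file line are constructed (the latter mirrors the Snort 2 list shape, whose extra default-state field is an assumption not shown in this section, and SID 1000001 is a placeholder in the local-rule range).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Rule lines in a Talos changelog: "* gid:sid <-> Message". The optional middle
# field and trailing "(file.rules)" cover the Snort 2 list shape, which is an
# assumption here (this section only shows the Snort 3 shape).
LINE_RE = re.compile(
    r"^\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+"
    r"(?:(?P<state>ENABLED|DISABLED)\s+<->\s+)?"
    r"(?P<msg>.+?)"
    r"(?:\s+\((?P<group>[\w.-]+\.rules)\))?\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: Optional[str]   # None for Snort 3 lists, which carry no default state
    category: str          # leading classification token, e.g. SERVER-WEBAPP
    message: str
    group: Optional[str]   # rule file name, None when the list omits it


def parse_entry(line: str) -> Optional[RuleEntry]:
    """Parse one bullet line; None for headings, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    return RuleEntry(int(m.group("gid")), int(m.group("sid")), m.group("state"),
                     msg.split(" ", 1)[0], msg, m.group("group"))


def parse_changelog(text: str) -> dict:
    """Split a changelog into its 'new' and 'modified' rule lists."""
    sections = {"new": [], "modified": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "New Rules:":
            current = "new"
        elif line == "Modified Rules:":
            current = "modified"
        elif current is not None:
            entry = parse_entry(line)
            if entry is not None:
                sections[current].append(entry)
    return sections


def covering_rules(entries, gid: int, sid_lo: int, sid_hi: int) -> list:
    """Entries inside the gid/SID range an advisory quotes, ordered by SID."""
    return sorted((e for e in entries if e.gid == gid and sid_lo <= e.sid <= sid_hi),
                  key=lambda e: e.sid)


def category_counts(entries) -> Counter:
    """How many rules landed in each classification (OS-WINDOWS, ...)."""
    return Counter(e.category for e in entries)


def diff_packs(old_text: str, new_text: str) -> tuple:
    """(gid, sid) pairs of new rules present in only one of two changelogs."""
    old = {(e.gid, e.sid) for e in parse_changelog(old_text)["new"]}
    new = {(e.gid, e.sid) for e in parse_changelog(new_text)["new"]}
    return sorted(old - new), sorted(new - old)


# Excerpt of the Snort 3.1.5.0 list from this update.
SAMPLE_SNORT3 = """New Rules:

* 1:301034 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301041 <-> OS-WINDOWS Microsoft Windows Storage Port Driver elevation of privilege attempt
* 1:64082 <-> POLICY-OTHER Inductive Automation Ignition project listing request detected
* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt
* 1:64106 <-> MALWARE-OTHER Win.Exploit.BypassUAC download attempt

Modified Rules:
"""

# Constructed stand-in for an earlier, smaller pack, used to show the diff.
SAMPLE_OLDER = """New Rules:

* 3:64087 <-> OS-OTHER TRUFFLEHUNTER TALOS-2024-2081 attack attempt
* 1:64091 <-> SERVER-WEBAPP Ivanti Endpoint Manager EPM SQL injection attempt

Modified Rules:
"""

# Constructed Snort 2 style line; SID 1000001 is a local-rule placeholder.
SAMPLE_SNORT2_LINE = ("* 1:1000001 <-> DISABLED <-> SERVER-WEBAPP example command "
                      "injection attempt (server-webapp.rules)")


if __name__ == "__main__":
    pack = parse_changelog(SAMPLE_SNORT3)
    for e in covering_rules(pack["new"], 1, 301034, 301041):
        print(f"{e.gid}:{e.sid}  {e.message}")
    print(category_counts(pack["new"]))
    print(diff_packs(SAMPLE_OLDER, SAMPLE_SNORT3))
    print(parse_entry(SAMPLE_SNORT2_LINE))
```

A quick way to use it against a real update is to paste the relevant block into a file, run `parse_changelog` on it and call `covering_rules` with the gid and SID range the advisory text gives; an empty result means the pack you are looking at does not carry that coverage.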

2024-10-08 18:27:08 UTC

Snort Subscriber Rules Update

Date: 2024-10-07-001

The Cisco Talos Certified rule packs for Snort versions 3.1.7.0, 3.1.9.0, 3.2.0.0, 3.1.11.0, 3.1.15.0, 3.1.18.0, 3.1.20.0, 3.1.21.0, 3.1.35.0, 3.1.44.0 and 3.1.47.0 were published in the same update and each carries exactly the same list of new rules as the 3.1.5.0 pack above (1:301034 through 1:301041, 1:64080 through 1:64082, 3:64087 and 3:64088, 1:64091, and 1:64100 through 1:64110), with no modified rules. The identical per-version lists are not repeated here.