Talos has added and modified multiple rules in the malware-cnc, malware-other, os-other, policy-other, protocol-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64730 <-> DISABLED <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt (server-apache.rules)
* 1:64729 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected (protocol-other.rules)
* 1:64734 <-> DISABLED <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt (server-webapp.rules)
* 1:64731 <-> DISABLED <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt (server-webapp.rules)
* 1:64723 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64725 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt (malware-other.rules)
* 1:64727 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected (protocol-other.rules)
* 1:64722 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64724 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64726 <-> ENABLED <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt (server-webapp.rules)
* 1:64732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt (server-webapp.rules)
* 1:64728 <-> DISABLED <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt (protocol-other.rules)
* 1:64736 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 1:64733 <-> DISABLED <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt (policy-other.rules)
* 1:64721 <-> ENABLED <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt (server-webapp.rules)
* 1:64735 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt (server-webapp.rules)
* 3:64737 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)
* 3:64738 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt (os-other.rules)

* 1:48151 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48152 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48155 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48157 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> DISABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:64721 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64722 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64723 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64724 <-> SERVER-WEBAPP Edimax IC-7100 IP Camera command injection attempt
* 1:64725 <-> MALWARE-OTHER Win.Ransomware.DarkSide phishing attempt
* 1:64726 <-> SERVER-WEBAPP NAKIVO Director arbitrary file read attempt
* 1:64727 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OnHook message detected
* 1:64728 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel denial of service attempt
* 1:64729 <-> PROTOCOL-OTHER Digium Asterisk Skinny Channel OffHook message detected
* 1:64730 <-> SERVER-APACHE Apache Tomcat potential TOCTOU race condition trigger attempt
* 1:64731 <-> SERVER-WEBAPP Multiple products potential JSP webshell upload attempt
* 1:64732 <-> SERVER-WEBAPP Trend Micro OfficeScan directory traversal attempt
* 1:64733 <-> POLICY-OTHER Progress WhatsUp Gold potential credential leak attempt
* 1:64734 <-> SERVER-WEBAPP Progress WhatsUp Gold remote code execution attempt
* 1:64735 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 1:64736 <-> SERVER-WEBAPP SAP NetWeaver local file inclusion attempt
* 3:64737 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt
* 3:64738 <-> OS-OTHER TRUFFLEHUNTER TALOS-2025-2158 attack attempt

* 1:48151 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48152 <-> MALWARE-CNC JS.Trojan.Generic malicious file download
* 1:48153 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48154 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48155 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48156 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 1:48157 <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection
* 3:50908 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt