Talos has added and modified multiple rules in the app-detect, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64790 <-> DISABLED <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt (policy-other.rules) * 1:64793 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64800 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64794 <-> DISABLED <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt (malware-cnc.rules) * 1:64795 <-> DISABLED <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt (server-other.rules) * 1:64791 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64792 <-> DISABLED <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt (server-webapp.rules) * 1:64796 <-> DISABLED <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt (malware-other.rules) * 1:64797 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64798 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64801 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 1:64799 <-> ENABLED <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt (malware-cnc.rules) * 3:64802 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules) * 3:64803 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt (file-pdf.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301185 <-> MALWARE-CNC Win.Infostealer.LummaStealer variant outbound communication attempt * 1:64790 <-> POLICY-OTHER Sitecore Experience Platform vulnerable CreateNewUser endpoint access attempt * 1:64791 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64792 <-> SERVER-WEBAPP Sitecore Experience Platform CSRF token remote code execution attempt * 1:64795 <-> SERVER-OTHER Veeam Backup and Replication xp_cmdshell invocation attempt * 1:64796 <-> MALWARE-OTHER Win.InfoStealer.LummaStealer outbound communication attempt * 1:64797 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64798 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64799 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64800 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 1:64801 <-> MALWARE-CNC Win.InfoStealer.LummaStealer variant outbound connection attempt * 3:64802 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt * 3:64803 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2159 attack attempt
* 1:64789 <-> APP-DETECT Erlang/OTP SSH server detected
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
