Talos has added and modified multiple rules in the file-other, malware-cnc, malware-other, policy-other, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64902 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64899 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64896 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt (malware-other.rules)
* 1:64895 <-> ENABLED <-> SERVER-WEBAPP Langflow code validator remote code execution attempt (server-webapp.rules)
* 1:64897 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64893 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64900 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64884 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64885 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64886 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64894 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64898 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt (malware-other.rules)
* 1:64891 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64892 <-> DISABLED <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt (malware-cnc.rules)
* 1:64901 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt (malware-other.rules)
* 1:64888 <-> DISABLED <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt (server-other.rules)
* 1:64887 <-> DISABLED <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt (server-webapp.rules)
* 1:64890 <-> DISABLED <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt (malware-other.rules)
* 1:64889 <-> DISABLED <-> POLICY-OTHER Microsoft Windows HTML Application download detected (policy-other.rules)
* 3:64903 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)
* 3:64905 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt (protocol-other.rules)
* 3:64904 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt (protocol-other.rules)

* 1:62585 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
* 1:62584 <-> DISABLED <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort versions 3.0.0.0, 3.0.3.1, 3.0.3.4, 3.1.0.0, 3.1.0.1, 3.1.1.0, 3.1.3.0, 3.1.4.0, 3.1.5.0, 3.1.7.0, 3.1.9.0, 3.2.0.0, 3.7.0.0, 3.1.11.0, 3.1.15.0, 3.1.18.0, 3.1.20.0, 3.1.21.0, 3.1.35.0, 3.1.44.0 and 3.1.47.0. The list is identical for every one of these versions.
The format of the file is:
gid:sid <-> Message
* 1:301204 <-> MALWARE-OTHER Unix.Backdoor.SpawnMole download attempt
* 1:301205 <-> MALWARE-OTHER Win.Ransomware.CyberLock variant download attempt
* 1:301206 <-> MALWARE-OTHER Win.Loader.Lucky_Ghost variant download attempt
* 1:301207 <-> MALWARE-OTHER Win.Ransomware.Lucky_Ghost variant download attempt
* 1:64884 <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt
* 1:64885 <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt
* 1:64886 <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt
* 1:64887 <-> SERVER-WEBAPP PRTG Network Monitor command injection attempt
* 1:64888 <-> SERVER-OTHER Netwrix Auditor insecure object deserialization attempt
* 1:64889 <-> POLICY-OTHER Microsoft Windows HTML Application download detected
* 1:64892 <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt
* 1:64893 <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt
* 1:64894 <-> MALWARE-CNC Unix.Backdoor.SpawnMole outbound connection attempt
* 1:64895 <-> SERVER-WEBAPP Langflow code validator remote code execution attempt
* 1:64896 <-> MALWARE-OTHER Win.Ransomware.CyberLock variant outbound communication attempt
* 3:64903 <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt
* 3:64904 <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2184 attack attempt
* 3:64905 <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2025-2185 attack attempt
* 1:300742 <-> FILE-OTHER Mozilla Thunderbird calendar property type confusion attempt