Snort - Network Intrusion Detection & Prevention System

Talos Rules 2025-06-03

This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, file-pdf, malware-cnc, malware-other, malware-tools, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

29200

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)

29190

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)

29181

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29171

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29170

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29161

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29160

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29151

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29141

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29130

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

29111

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

3000

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3031

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3034

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3100

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3101

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3110

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3130

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3140

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3150

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3170

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3190

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3200

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

3700

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31110

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31150

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31180

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31200

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31210

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31350

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31440

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt

31470

2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt