Talos has added and modified multiple rules in the app-detect, file-pdf, malware-cnc, malware-other, malware-tools, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules) * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules) * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules) * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules) * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules) * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules) * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules) * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules) * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules) * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules) * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules) * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules) * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules) * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules) * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules) * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules) * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules) * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules) * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules) * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules) * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules) * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules) * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules) * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)
* 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules) * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules) * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules) * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules) * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules) * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt * 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt * 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt * 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt * 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt * 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt * 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt * 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt * 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt * 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt * 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt * 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt * 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt * 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt * 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt * 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt * 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt * 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt * 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt * 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt * 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt * 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt * 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt * 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt * 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt
* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt * 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt