Talos Rules 2025-06-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, file-pdf, malware-cnc, malware-other, malware-tools, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

2025-06-03 13:16:01 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)

2025-06-03 13:16:02 UTC

Snort Subscriber Rules Update

Date: 2025-06-03

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65007 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:65004 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:65009 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:65000 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:65001 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64963 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64968 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:65008 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt (malware-other.rules)
 * 1:64964 <-> DISABLED <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt (malware-other.rules)
 * 1:64999 <-> DISABLED <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt (malware-other.rules)
 * 1:64967 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:65002 <-> DISABLED <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt (malware-other.rules)
 * 1:64972 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64973 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt (malware-other.rules)
 * 1:64974 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64975 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt (malware-other.rules)
 * 1:64976 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64977 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt (malware-other.rules)
 * 1:64978 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64979 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt (malware-other.rules)
 * 1:64980 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64981 <-> DISABLED <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt (malware-other.rules)
 * 1:64982 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64983 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64966 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt (malware-other.rules)
 * 1:64984 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64970 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64985 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65005 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:65003 <-> DISABLED <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt (malware-other.rules)
 * 1:64986 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:65006 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt (malware-other.rules)
 * 1:64987 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64988 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt (malware-cnc.rules)
 * 1:64989 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64990 <-> DISABLED <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt (malware-other.rules)
 * 1:64969 <-> DISABLED <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt (malware-other.rules)
 * 1:64991 <-> DISABLED <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt (malware-cnc.rules)
 * 1:64992 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64971 <-> DISABLED <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt (malware-other.rules)
 * 1:64993 <-> DISABLED <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt (malware-other.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:65010 <-> DISABLED <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt (malware-other.rules)
 * 1:64995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 1:64997 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 1:64998 <-> DISABLED <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt (malware-other.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65012 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)
 * 3:65013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
 * 1:60114 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:60112 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt (server-webapp.rules)
 * 1:64789 <-> DISABLED <-> APP-DETECT Erlang/OTP SSH server detected (app-detect.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
 * 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
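
The two list layouts used in these changelogs (Snort 2: gid:sid <-> Default rule state <-> Message (rule group); Snort 3: gid:sid <-> Message) are easy to parse mechanically, and doing so answers the questions that matter before a pack is deployed: which entries ship ENABLED and will start alerting on their own, how the additions spread across categories, and which SIDs exist in the Snort 2 pack but not the Snort 3 pack (or vice versa). The Python below is an added example written for this page, not Talos tooling; the sample excerpts are constructed from entries that appear in this changelog, and the class and function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One regex covers both layouts used in these changelogs:
#   Snort 2:  " * gid:sid <-> ENABLED|DISABLED <-> Message (group.rules)"
#   Snort 3:  "* gid:sid <-> Message"
LINE_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"   # absent in Snort 3 lists
    r"(?P<msg>.+?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"    # absent in Snort 3 lists
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    message: str
    state: Optional[str]  # "ENABLED"/"DISABLED", or None when the list carries no state
    group: Optional[str]  # rule file such as "malware-cnc.rules", or None

    @property
    def category(self) -> str:
        # The message always opens with the rule category token, e.g. "MALWARE-CNC".
        return self.message.split(" ", 1)[0]


def parse_changelog(text: str) -> dict:
    """Return {"new": [...], "modified": [...]} from one changelog section."""
    sections = {"new": [], "modified": []}
    current = None
    for line in text.splitlines():
        heading = line.strip()
        if heading == "New Rules:":
            current = "new"
            continue
        if heading == "Modified Rules:":
            current = "modified"
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            sections[current].append(RuleEntry(
                int(m["gid"]), int(m["sid"]), m["msg"].strip(), m["state"], m["group"]))
    return sections


def enabled_by_default(entries) -> list:
    """(gid, sid) pairs that ship ENABLED, i.e. the ones that alert without operator action."""
    return sorted((e.gid, e.sid) for e in entries if e.state == "ENABLED")


def category_counts(entries) -> dict:
    """How many entries each rule category (MALWARE-CNC, SERVER-WEBAPP, ...) contributes."""
    counts = {}
    for e in entries:
        counts[e.category] = counts.get(e.category, 0) + 1
    return counts


def only_in_first(a, b) -> list:
    """(gid, sid) pairs listed in pack a but not in pack b (e.g. Snort 2 pack vs Snort 3 pack)."""
    present = {(e.gid, e.sid) for e in b}
    return sorted((e.gid, e.sid) for e in a if (e.gid, e.sid) not in present)


# Constructed samples: a few entries copied from the lists on this page, one per layout.
SAMPLE_SNORT2 = """\
New Rules:

 * 1:64965 <-> DISABLED <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt (server-mail.rules)
 * 1:64994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt (malware-cnc.rules)
 * 3:65011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64941 <-> DISABLED <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary behavior injection attempt (server-webapp.rules)
"""

SAMPLE_SNORT3 = """\
New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt

Modified Rules:

* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt
"""

if __name__ == "__main__":
    s2 = parse_changelog(SAMPLE_SNORT2)
    s3 = parse_changelog(SAMPLE_SNORT3)
    print("enabled by default:", enabled_by_default(s2["new"] + s2["modified"]))
    print("categories (new):", category_counts(s2["new"]))
    print("in Snort 2 list only:", only_in_first(s2["new"], s3["new"]))
    print("in Snort 3 list only:", only_in_first(s3["new"], s2["new"]))
```

Feed it a whole changelog section (everything from "New Rules:" to the end of "Modified Rules:") rather than the full page, since the page concatenates one section per Snort version; the Snort 3 lists carry no default state, so `enabled_by_default` is only meaningful on a Snort 2 section.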

2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.0.3.1: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.0.3.4: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.1.0.0: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.1.0.1: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.1.1.0: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.1.3.0: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:56 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

Cisco Talos Certified rule pack for Snort version 3.1.4.0: the new and modified rules are the same as in the Snort 3.0.0.0 pack listed above (new: 1:301225 through 1:301243, 1:64965, 1:64982 through 1:64988, 1:64991, 1:64994 through 1:64996, 3:65011 through 3:65013; modified: 1:50478, 1:50479, 1:64941).


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt


2025-06-03 13:18:57 UTC

Snort Subscriber Rules Update

Date: 2025-06-02-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301225 <-> MALWARE-OTHER Backdoor.VBS.Janicab.A download attempt
* 1:301226 <-> MALWARE-OTHER Trojan.Java.Jussuc.A download attempt
* 1:301227 <-> MALWARE-OTHER Backdoor.Java.Adwind.A download attempt
* 1:301228 <-> MALWARE-OTHER Worm.JS.Proslikefan.K download attempt
* 1:301229 <-> MALWARE-OTHER Trojan.Win32.Bancyn.o download attempt
* 1:301230 <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt
* 1:301231 <-> MALWARE-OTHER Trojan.MacOS.Kitmos.A download attempt
* 1:301232 <-> MALWARE-OTHER Backdoor.Java.Icefog.A download attempt
* 1:301233 <-> MALWARE-OTHER Backdoor.Java.Adwind.C download attempt
* 1:301234 <-> MALWARE-OTHER Trojan.MacOS.LaoShu.A download attempt
* 1:301235 <-> MALWARE-OTHER Win.Loader.Stealc variant download attempt
* 1:301236 <-> MALWARE-OTHER Backdoor.PHP.Pbot.A download attempt
* 1:301237 <-> MALWARE-OTHER Trojan.Shell.Popkiomth.A download attempt
* 1:301238 <-> MALWARE-OTHER Worm.VBS.Iniduoh.B download attempt
* 1:301239 <-> MALWARE-OTHER Backdoor.Shell.Sharpstats.A download attempt
* 1:301240 <-> MALWARE-OTHER Trojan-Downloader.JS.Ofauthin.A download attempt
* 1:301241 <-> MALWARE-OTHER Trojan.Shell.Rennosmud.A download attempt
* 1:301242 <-> MALWARE-OTHER Trojan.Shell.Powerstats.A download attempt
* 1:301243 <-> MALWARE-OTHER Trojan.Win32.LockScreen.apr download attempt
* 1:64965 <-> SERVER-MAIL Synacor Zimbra Collaboration Suite webmail classic stored cross-site scripting attempt
* 1:64982 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64983 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64984 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64985 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64986 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64987 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64988 <-> MALWARE-CNC Win.InfoStealer.Vidar variant outbound connection attempt
* 1:64991 <-> MALWARE-CNC Win.InfoStealer.Stealc variant outbound connection attempt
* 1:64994 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64995 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 1:64996 <-> MALWARE-CNC Win.Trojan.BPFDoor variant inbound connection attempt
* 3:65011 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65012 <-> FILE-PDF TRUFFLEHUNTER TALOS-2025-2202 attack attempt
* 3:65013 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2193 attack attempt

Modified Rules:

* 1:50478 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:50479 <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt
* 1:64941 <-> SERVER-WEBAPP Yiiframework Yii 2 arbitrary PHP code injection attempt