©2026 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Talos has added and modified multiple rules in the malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66210 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66211 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66212 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66213 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66214 <-> DISABLED <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt (server-webapp.rules) * 1:66215 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66216 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66218 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication (malware-cnc.rules) * 1:66219 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication (malware-cnc.rules) * 1:66220 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 1:66221 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 1:66222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection (malware-cnc.rules) * 1:66223 <-> ENABLED <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt (server-webapp.rules) * 1:66224 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 1:66225 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 3:66217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66211 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66224 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 1:66222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection (malware-cnc.rules) * 1:66221 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 1:66212 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66213 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66214 <-> DISABLED <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt (server-webapp.rules) * 1:66215 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66216 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66218 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication (malware-cnc.rules) * 1:66219 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication (malware-cnc.rules) * 1:66223 <-> ENABLED <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt (server-webapp.rules) * 1:66225 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 1:66210 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66220 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 3:66217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66210 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66225 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 1:66214 <-> DISABLED <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt (server-webapp.rules) * 1:66213 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66215 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66211 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66212 <-> DISABLED <-> SERVER-WEBAPP Zyxel ATP command injection attempt (server-webapp.rules) * 1:66216 <-> DISABLED <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt (malware-tools.rules) * 1:66219 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication (malware-cnc.rules) * 1:66218 <-> DISABLED <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication (malware-cnc.rules) * 1:66221 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 1:66220 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Agent download attempt (malware-other.rules) * 1:66223 <-> ENABLED <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt (server-webapp.rules) * 1:66222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection (malware-cnc.rules) * 1:66224 <-> ENABLED <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication (malware-cnc.rules) * 3:66217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301464 <-> MALWARE-TOOLS Js.Exploit.DarkSword variant download attempt * 1:301465 <-> MALWARE-OTHER Win.Dropper.Agent download attempt * 1:66210 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66211 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66212 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66213 <-> SERVER-WEBAPP Zyxel ATP command injection attempt * 1:66214 <-> SERVER-WEBAPP Laravel Livewire insecure deserialization attempt * 1:66218 <-> MALWARE-CNC Multios.Trojan.SILKBELL variant communication * 1:66219 <-> MALWARE-CNC Multios.Trojan.WAVESHAPER variant communication * 1:66222 <-> MALWARE-CNC Win.Trojan.Agent variant CNC outbound connection * 1:66223 <-> SERVER-WEBAPP Progress ShareFile authentication bypass attempt * 1:66224 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 1:66225 <-> MALWARE-CNC Py.Trojan.TPCPSTEAL variant communication * 3:66217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2327 attack attempt
©2026 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.