Snort rule update for Dec. 17, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.
Today's release contains 34 new rules and 22 modified rules.
This ruleset provides protection against the recently discovered Zeppelin ransomware attack, which we will highlight below.

The new Zeppelin malware is targeting health care and tech companies in the U.S. and Europe. Researchers believe Zeppelin is a variant of the ransomware-as-a-service family known as Vega. While Vega started out earlier this year targeting Russian-speaking victims, researchers believe the malware could be in a new adversaries’ hands now that they are targeting users elsewhere. Zeppelin is highly configurable and can be deployed as an EXE, DLL, or wrapped in a PowerShell loader. These rules prevent Zeppelin from making an outbound connection and also stops the malware from being downloaded.
Talos has also added and modified multiple rules in the browser-firefox, browser-ie, browser-other, browser-plugins, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, os-windows, protocol-scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.