Snort rule update for June 22, 2021
Cisco Talos released the newest rule set for SNORTⓇ this morning.
Tuesday's release includes several new rules relating to a
recent wiper malware campaign that disguises itself as
ransomware. These rules prevent the trojan used in this campaign
from downloading a payload and also detects the open-source
ASPXSpy malware which this adversary uses.
Here's a full breakdown of this release:
.tg {border-collapse:collapse;border-spacing:0;} .tg
td{border-color:black;border-style:solid;border-width:1px;font-family:Arial,
sans-serif;font-size:14px; overflow:hidden;padding:10px
5px;word-break:normal;} .tg
th{border-color:black;border-style:solid;border-width:1px;font-family:Arial,
sans-serif;font-size:14px;
font-weight:normal;overflow:hidden;padding:10px
5px;word-break:normal;} .tg
.tg-6p4y{border-color:#efefef;font-weight:bold;text-align:left;vertical-align:top}
.tg
.tg-li6d{border-color:#efefef;text-align:center;vertical-align:top}
| Shared object rules |
Modified shared object rules |
New rules |
Modified rules |
| 11 |
0 |
21 |
2 |
There were no changes made
to the snort.conf in this
release.
Talos' rule release:
Talos has added and modified multiple rules in the browser-chrome,
file-pdf, malware-cnc, malware-other, policy-other and
server-webapp rule sets to provide coverage for emerging threats
from these technologies.
You can
subscribe to Talos' newest rule detection
functionality for as low as $29 a year with a personal account. Be
sure and see our business pricing as well
here. The Snort 3 release is also here after years of
development and improvements. Upgrade
here.
