A new SNORTⓇ rule release is available this morning, courtesy of Cisco Talos. Here's an overview at this rule set:
.tg {border-collapse:collapse;border-spacing:0;} .tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; overflow:hidden;padding:10px 5px;word-break:normal;} .tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;} .tg .tg-6p4y{border-color:#efefef;font-weight:bold;text-align:left;vertical-align:top} .tg .tg-li6d{border-color:#efefef;text-align:center;vertical-align:top}
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 0 | 0 | 5 | 501 |
Thursday's release provides a few new rules protecting against the Emotet botnet. Everyone already knows about Emotet, but it continues to grow, most recently targeting state and other local government agencies, according to a recent advisory from the U.S. Cybersecurity and Infrastructure Security Agency.
There were no changes made to the snort.conf in this release.
Talos's rule release: Talos has added and modified multiple rules in the malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies. You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
