Cisco Talos released the newest rule set for SNORTⓇ this morning.
Tuesday's release includes several new rules relating to a recent wiper malware campaign that disguises itself as ransomware. These rules prevent the trojan used in this campaign from downloading a payload and also detect the open-source ASPXSpy malware, which this adversary uses.
Here's a full breakdown of this release:
Shared object rules | Modified shared object rules | New rules | Modified rules |
---|---|---|---|
11 | 0 | 21 | 2 |
There were no changes made to the snort.conf in this release.
Talos' rule release:
Talos has added and modified multiple rules in the browser-chrome, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.