Tuesday, June 22, 2021

Snort rule update for June 22, 2021

Cisco Talos released the newest rule set for SNORTⓇ this morning.

Tuesday's release includes several new rules relating to a recent wiper malware campaign that disguises itself as ransomware. These rules prevent the trojan used in this campaign from downloading a payload and also detects the open-source ASPXSpy malware which this adversary uses.

Here's a full breakdown of this release:

Shared object rulesModified shared object rulesNew rulesModified rules
11 0212

There were no changes made to the snort.conf in this release.

Talos' rule release:

Talos has added and modified multiple rules in the browser-chrome, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.