Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, malware-other, os-other, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (malware-cnc.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (malware-other.rules)
* 1:47242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47236 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (malware-cnc.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules)
* 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (malware-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47236 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (malware-cnc.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (malware-cnc.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
* 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (snort3-file-pdf.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (snort3-file-pdf.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (snort3-browser-ie.rules)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (snort3-browser-ie.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (snort3-browser-ie.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (snort3-browser-ie.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (snort3-malware-cnc.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (snort3-file-other.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules)
* 1:47242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (snort3-malware-cnc.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (snort3-malware-cnc.rules)
* 1:47241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (snort3-malware-cnc.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (snort3-malware-other.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47236 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (snort3-malware-cnc.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (snort3-file-image.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (snort3-file-image.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (snort3-file-pdf.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (snort3-file-pdf.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (snort3-malware-cnc.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (snort3-malware-cnc.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (snort3-policy-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (snort3-file-other.rules)
* 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (snort3-exploit-kit.rules)
* 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (snort3-pua-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (malware-other.rules)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (malware-cnc.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (malware-cnc.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47236 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
* 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (malware-cnc.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (malware-cnc.rules)
* 1:47242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47236 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (malware-other.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules)
* 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)