Talos has added and modified multiple rules in the browser-firefox, exploit-kit, file-image, file-other, file-pdf, indicator-compromise and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)

* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)

* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (snort3-file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (snort3-file-other.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (snort3-file-other.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (snort3-file-pdf.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (snort3-file-pdf.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (snort3-file-pdf.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (snort3-file-pdf.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (snort3-file-other.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (snort3-file-pdf.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (snort3-file-pdf.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (snort3-file-other.rules)

* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (snort3-exploit-kit.rules)
* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (snort3-indicator-compromise.rules)
* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (snort3-file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (snort3-file-pdf.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)

* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)

* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)

* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)