Talos has added and modified multiple rules in the file-flash, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, os-windows, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48846 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (malware-other.rules)
* 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (malware-cnc.rules)
* 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (malware-cnc.rules)
* 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)

* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:43455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (malware-other.rules)
* 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48846 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (malware-cnc.rules)
* 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (malware-cnc.rules)
* 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)

* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:43455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (snort3-malware-cnc.rules)
* 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (snort3-malware-cnc.rules)
* 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (snort3-malware-cnc.rules)
* 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (snort3-file-pdf.rules)
* 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (snort3-server-webapp.rules)
* 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (snort3-malware-cnc.rules)
* 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (snort3-server-webapp.rules)
* 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (snort3-server-webapp.rules)
* 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (snort3-malware-cnc.rules)
* 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (snort3-server-webapp.rules)
* 1:48846 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (snort3-malware-cnc.rules)
* 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (snort3-file-pdf.rules)
* 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (snort3-malware-other.rules)
* 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (snort3-server-webapp.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (snort3-server-webapp.rules)
* 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (snort3-server-webapp.rules)
* 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (snort3-malware-cnc.rules)
* 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (snort3-malware-cnc.rules)

* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (snort3-protocol-voip.rules)
* 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:43455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (snort3-file-other.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (snort3-file-other.rules)
* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (snort3-server-webapp.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (snort3-server-webapp.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (snort3-server-webapp.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (snort3-os-windows.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (malware-cnc.rules)
* 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (malware-other.rules)
* 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (malware-cnc.rules)
* 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48846 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)

* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:43455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules)
* 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
* 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules)
* 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (malware-cnc.rules)
* 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (malware-cnc.rules)
* 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (malware-other.rules)
* 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules)
* 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48846 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)

* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:43455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)