Talos has added and modified multiple rules in the file-executable, file-flash, file-pdf, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection attempt (malware-cnc.rules)
* 1:39458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
* 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39462 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39461 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39460 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:39455 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39456 <-> DISABLED <-> SERVER-WEBAPP NAS4Free txtPHPCommand remote code execution attempt (server-webapp.rules)
* 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
* 1:39463 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39464 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
* 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules)
* 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39454 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39453 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:39457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 3:39466 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 3:39467 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 1:38310 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules)
* 1:39399 <-> DISABLED <-> SERVER-WEBAPP Symantec open redirect in external URL .php script attempt (server-webapp.rules)
* 1:39380 <-> DISABLED <-> SERVER-OTHER Symantec MIME parser updateheader heap buffer overflow attempt (server-other.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules)
* 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection attempt (malware-cnc.rules)
* 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39464 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39456 <-> DISABLED <-> SERVER-WEBAPP NAS4Free txtPHPCommand remote code execution attempt (server-webapp.rules)
* 1:39453 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:39455 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:39460 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39461 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39462 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39463 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39454 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
* 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
* 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
* 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 3:39467 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 3:39466 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 1:38310 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules)
* 1:39399 <-> DISABLED <-> SERVER-WEBAPP Symantec open redirect in external URL .php script attempt (server-webapp.rules)
* 1:39380 <-> DISABLED <-> SERVER-OTHER Symantec MIME parser updateheader heap buffer overflow attempt (server-other.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
* 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
* 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
* 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules)
* 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection attempt (malware-cnc.rules)
* 1:39464 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39463 <-> ENABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39462 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39461 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39460 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:39458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39456 <-> DISABLED <-> SERVER-WEBAPP NAS4Free txtPHPCommand remote code execution attempt (server-webapp.rules)
* 1:39455 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39454 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39453 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 3:39466 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 3:39467 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0182 attack attempt (file-executable.rules)
* 1:38310 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39399 <-> DISABLED <-> SERVER-WEBAPP Symantec open redirect in external URL .php script attempt (server-webapp.rules)
* 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules)
* 1:39380 <-> DISABLED <-> SERVER-OTHER Symantec MIME parser updateheader heap buffer overflow attempt (server-other.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)