Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, deleted, exploit-kit, file-flash, file-identify, file-office, file-other, indicator-compromise, malware-cnc, malware-other, policy-other, policy-social, protocol-dns, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
* 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
* 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
* 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
* 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
* 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
* 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
* 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
* 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
* 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
* 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
* 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
* 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
* 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
* 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
* 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
* 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
* 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
* 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
* 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
* 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
* 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
* 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
* 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
* 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
* 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
* 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
* 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
* 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
* 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
* 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
* 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
* 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
* 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
* 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
* 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
* 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
* 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
* 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
* 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
* 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
* 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
* 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
* 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
* 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
* 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
* 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
* 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
* 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
* 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
* 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
* 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
* 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
* 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
* 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
* 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
* 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
* 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
* 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
* 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
* 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
* 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
* 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
* 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
* 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
* 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
* 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
* 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
* 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
* 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
* 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
* 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
* 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
* 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
* 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
* 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
* 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
* 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules) * 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules) * 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules) * 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules) * 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules) * 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt 
(browser-ie.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules) * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules) * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules) * 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules) * 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules) * 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules) * 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)