Talos has added and modified multiple rules in the browser-ie, malware-cnc, os-other, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
* 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
* 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
* 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
* 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
* 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
* 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
* 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
* 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
* 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
* 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
* 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
* 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)
* 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
* 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
* 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
* 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
* 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
* 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
* 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
* 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
* 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
* 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
* 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
* 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
* 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
* 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
* 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
* 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
* 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
* 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
* 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
* 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
* 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
* 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
* 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
* 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)
* 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
* 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
* 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
* 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
* 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
* 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
* 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
* 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
* 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
* 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
* 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
* 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
* 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
* 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
* 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
* 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
* 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
* 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
* 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
* 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
* 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
* 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
* 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
* 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)
* 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
* 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
* 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
* 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
* 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
* 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
* 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
* 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
* 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
* 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
* 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
* 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
* 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
* 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
* 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
* 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
* 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
* 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
* 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
* 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
* 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
* 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
* 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
* 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
* 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
* 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
* 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)
* 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
* 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
* 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
* 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
* 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
* 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
* 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
* 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
* 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
* 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
* 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)