Talos has added and modified multiple rules in the browser-firefox, browser-ie, deleted, file-office, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection attempt (server-webapp.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46770 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46771 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46772 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (server-webapp.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (server-webapp.rules)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (server-webapp.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules)
* 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:44646 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46770 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (server-webapp.rules)
* 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection attempt (server-webapp.rules)
* 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (server-webapp.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (server-webapp.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46772 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46771 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules)
* 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:44646 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (snort3-malware-other.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (snort3-os-windows.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (snort3-browser-ie.rules)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (snort3-os-windows.rules)
* 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (snort3-server-webapp.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection attempt (snort3-server-webapp.rules)
* 1:46772 <-> DISABLED <-> DELETED asdfasdf (snort3-deleted.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (snort3-malware-other.rules)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (snort3-server-webapp.rules)
* 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:46770 <-> DISABLED <-> DELETED asdfasdf (snort3-deleted.rules)
* 1:46771 <-> DISABLED <-> DELETED asdfasdf (snort3-deleted.rules)
* 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (snort3-server-webapp.rules)
* 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (snort3-server-webapp.rules)
* 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:44646 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (server-webapp.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (server-webapp.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46770 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46771 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (server-webapp.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection attempt (server-webapp.rules)
* 1:46772 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules)
* 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:44646 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (server-webapp.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (server-webapp.rules)
* 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (server-webapp.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection attempt (server-webapp.rules)
* 1:46772 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46771 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46770 <-> DISABLED <-> DELETED asdfasdf (deleted.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules)
* 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:44646 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)