Talos has added and modified multiple rules in the browser-ie, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, netbios, os-linux, os-windows, protocol-other, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (malware-cnc.rules)
* 1:46809 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt (server-webapp.rules)
* 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (malware-cnc.rules)
* 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (os-windows.rules)
* 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (malware-other.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (server-webapp.rules)
* 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (file-other.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (malware-cnc.rules)
* 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46793 <-> ENABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (malware-cnc.rules)
* 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (malware-cnc.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (server-other.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
* 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (malware-cnc.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:45950 <-> ENABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (pua-other.rules)
* 1:46411 <-> ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (pua-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (netbios.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
* 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (indicator-compromise.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
* 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (server-webapp.rules)
* 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (pua-other.rules)
* 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (server-webapp.rules)
* 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46783 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (server-other.rules)
* 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (malware-cnc.rules)
* 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt (server-webapp.rules)
* 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (malware-cnc.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46793 <-> ENABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (os-windows.rules)
* 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (malware-cnc.rules)
* 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (malware-cnc.rules)
* 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (malware-other.rules)
* 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (server-webapp.rules)
* 1:46809 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (file-other.rules)
* 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (malware-cnc.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (server-other.rules)
* 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (pua-other.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (malware-cnc.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46411 <-> ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (pua-other.rules)
* 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (server-webapp.rules)
* 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (indicator-compromise.rules)
* 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules)
* 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45950 <-> ENABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
* 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
* 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
* 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (netbios.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (pua-other.rules)
* 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (snort3-malware-cnc.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (snort3-malware-cnc.rules)
* 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (snort3-server-other.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (snort3-malware-cnc.rules)
* 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (snort3-malware-cnc.rules)
* 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (snort3-malware-cnc.rules)
* 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (snort3-malware-cnc.rules)
* 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (snort3-malware-cnc.rules)
* 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt (snort3-server-webapp.rules)
* 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (snort3-malware-cnc.rules)
* 1:46793 <-> ENABLED <-> OS-WINDOWS Malicious zip download attempt (snort3-os-windows.rules)
* 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (snort3-os-windows.rules)
* 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (snort3-malware-cnc.rules)
* 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (snort3-malware-cnc.rules)
* 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
* 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
* 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (snort3-server-webapp.rules)
* 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (snort3-server-webapp.rules)
* 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (snort3-server-webapp.rules)
* 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (snort3-server-webapp.rules)
* 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (snort3-server-webapp.rules)
* 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (snort3-server-webapp.rules)
* 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (snort3-malware-other.rules)
* 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (snort3-server-webapp.rules)
* 1:46809 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (snort3-file-pdf.rules)
* 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (snort3-file-pdf.rules)
* 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (snort3-file-other.rules)
* 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (snort3-malware-cnc.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (snort3-server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (snort3-server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (snort3-server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (snort3-server-webapp.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (snort3-browser-ie.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (snort3-server-webapp.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (snort3-server-webapp.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (snort3-server-webapp.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (snort3-server-webapp.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (snort3-server-other.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (snort3-server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (snort3-server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (snort3-server-webapp.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (snort3-server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (snort3-server-other.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (snort3-server-webapp.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (snort3-server-webapp.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (snort3-server-other.rules)
* 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (snort3-server-other.rules)
* 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (snort3-server-other.rules)
* 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (snort3-pua-other.rules)
* 1:46411 <-> ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (snort3-pua-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (snort3-pua-other.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (snort3-pua-other.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (snort3-server-webapp.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (snort3-server-webapp.rules)
* 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (snort3-server-webapp.rules)
* 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (snort3-server-other.rules)
* 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (snort3-server-webapp.rules)
* 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (snort3-malware-cnc.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (snort3-browser-ie.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (snort3-server-webapp.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (snort3-indicator-compromise.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (snort3-os-linux.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (snort3-server-webapp.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (snort3-server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (snort3-server-webapp.rules)
* 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (snort3-server-other.rules)
* 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
* 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
* 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (snort3-server-webapp.rules)
* 1:46297
<-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (snort3-server-webapp.rules) * 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (snort3-server-webapp.rules) * 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (snort3-server-webapp.rules) * 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (snort3-server-webapp.rules) * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (snort3-server-webapp.rules) * 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (snort3-server-webapp.rules) * 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (snort3-netbios.rules) * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (snort3-server-webapp.rules) * 1:45950 <-> ENABLED <-> PUA-OTHER Coinhive TLS client hello attempt (snort3-pua-other.rules) * 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (snort3-pua-other.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP 
M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (snort3-server-other.rules) * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (snort3-server-webapp.rules) * 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (snort3-server-webapp.rules) * 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (snort3-server-webapp.rules) * 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (snort3-server-webapp.rules) * 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (snort3-server-webapp.rules) * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (snort3-server-webapp.rules) * 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (snort3-server-webapp.rules) * 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (snort3-server-webapp.rules) * 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (snort3-server-webapp.rules) * 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (snort3-server-other.rules) * 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (snort3-server-other.rules) * 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46783 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (malware-cnc.rules)
* 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (malware-cnc.rules)
* 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt (server-webapp.rules)
* 1:46793 <-> ENABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (os-windows.rules)
* 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (malware-cnc.rules)
* 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (malware-cnc.rules)
* 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (server-other.rules)
* 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (malware-cnc.rules)
* 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (malware-other.rules)
* 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (server-webapp.rules)
* 1:46809 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (file-other.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (server-other.rules)
* 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (netbios.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (malware-cnc.rules)
* 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (indicator-compromise.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
* 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
* 1:45950 <-> ENABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (pua-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
* 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
* 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (pua-other.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46411 <-> ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (pua-other.rules)
* 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (server-webapp.rules)
* 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt (server-webapp.rules)
* 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules)
* 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (malware-cnc.rules)
* 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (malware-cnc.rules)
* 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (server-other.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC vpnfilter SSL connection attempt (malware-cnc.rules)
* 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (os-windows.rules)
* 1:46793 <-> ENABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (malware-cnc.rules)
* 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (malware-cnc.rules)
* 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (malware-cnc.rules)
* 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules)
* 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (file-other.rules)
* 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46809 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules)
* 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (server-webapp.rules)
* 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (malware-other.rules)
* 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (server-other.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
* 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
* 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (pua-other.rules)
* 1:45950 <-> ENABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
* 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules)
* 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (server-webapp.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (indicator-compromise.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
* 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi wait_time cross site scripting attempt (server-webapp.rules)
* 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (netbios.rules)
* 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
* 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules)
* 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
* 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (malware-cnc.rules)
* 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules)
* 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules)
* 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules)
* 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46411 <-> ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (pua-other.rules)
* 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (pua-other.rules)
* 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules)
* 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
* 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules)
* 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules)
* 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
* 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)
* 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules)