Talos has added and modified multiple rules in the file-other, indicator-obfuscation, malware-cnc, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (server-webapp.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)

* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (server-webapp.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)

* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (snort3-file-other.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (snort3-file-other.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (snort3-server-webapp.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (snort3-malware-cnc.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (snort3-malware-cnc.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (snort3-malware-cnc.rules)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (snort3-malware-cnc.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (snort3-indicator-obfuscation.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (snort3-malware-cnc.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (snort3-malware-cnc.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (snort3-server-webapp.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (snort3-malware-cnc.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (snort3-malware-cnc.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules)

* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (snort3-server-other.rules)
* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (snort3-protocol-voip.rules)
* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (snort3-protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (server-webapp.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)

* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (server-webapp.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)

* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules)
* 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
* 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules)
* 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules)
* 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules)
* 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules)
* 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
* 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules)
* 1:48354 <-> DISABLED <-> SERVER-WEBAPP CVE PHP infinite loop from use of stream filter and convert.iconv file upload attempt (server-webapp.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)

* 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)