Talos has added and modified multiple rules in the malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (snort3-server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (snort3-server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (snort3-server-webapp.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (snort3-server-webapp.rules)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (snort3-server-webapp.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (snort3-malware-cnc.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (snort3-malware-cnc.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (snort3-malware-cnc.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (snort3-malware-cnc.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (snort3-server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (snort3-server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (snort3-server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (snort3-server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (snort3-server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (snort3-server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (snort3-server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (snort3-server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (snort3-server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (snort3-server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (snort3-server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (snort3-server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (snort3-server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (snort3-server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (snort3-server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (snort3-server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (snort3-server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (snort3-server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (snort3-server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (snort3-server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (snort3-server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (snort3-server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (snort3-server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (snort3-server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (snort3-server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (snort3-server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (snort3-server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (snort3-server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (snort3-server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (snort3-server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (snort3-server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (snort3-server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (snort3-server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (snort3-server-webapp.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (snort3-server-webapp.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (snort3-server-webapp.rules)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules)
* 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules)
* 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules)
* 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo tripMate protocol.csp mac parameter command injection attempt (server-webapp.rules)
* 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50317 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules)
* 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules)
* 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules)
* 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules)
* 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules)
* 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules)
* 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules)
* 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)