Talos has added and modified multiple rules in the file-multimedia, file-other, malware-cnc, malware-other, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
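Two things in these lists matter operationally. First, most of the new SERVER-WEBAPP and POLICY-OTHER rules (for example the Apache Solr DataImportHandler rules 1:51681, 1:51682 and 1:51683) ship DISABLED, so they give no coverage until you turn them on in your policy. Second, GID 3 entries are shared-object (SO) rules, which only load when the precompiled SO set for your platform and Snort build is installed, and the Snort 3 (3000) pack below lists no GID 3 entries at all. The Python script that follows is an added example, not Talos or Snort project code: it parses entries in the `gid:sid <-> Default rule state <-> Message (rule group)` form (tolerating the flattened, one-line rendering of these lists), flags rules that ship DISABLED and mention a product you run, emits them as `gid:sid` lines for a PulledPork `enablesid.conf`, and reports entries of one pack that have no counterpart in another. The two sample strings are constructed from entries on this page, the keyword `Solr` and the function names are assumptions for illustration, and the last sample entry is deliberately left without its rule group to mirror the truncated entry at the end of the page.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# One entry in the "gid:sid <-> Default rule state <-> Message (rule group)" form.
# The "(group.rules)" tail is optional so a truncated entry is kept with group=None
# instead of being silently dropped.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str            # default state in the shipped pack: ENABLED or DISABLED
    msg: str              # rule message, e.g. "SERVER-WEBAPP Apache Solr ..."
    group: Optional[str]  # rule file, e.g. "server-webapp.rules"; None if truncated

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def shared_object(self) -> bool:
        # GID 3 entries are shared-object (SO) rules: they load only when the
        # precompiled SO set for your platform and Snort build is installed.
        return self.gid == 3


def parse_entries(text: str) -> list[RuleEntry]:
    """Split a change list on its '* ' bullets (the list may be flattened onto one
    physical line, with an entry broken across lines) and parse every entry."""
    entries = []
    for chunk in re.split(r"\s*\*\s+(?=\d+:\d+\s*<->)", text):
        chunk = " ".join(chunk.split())  # collapse stray newlines inside an entry
        m = ENTRY_RE.search(chunk)
        if m:
            entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"],
                                     m["msg"].strip(), m["group"]))
    return entries


def disabled_matching(entries: Iterable[RuleEntry], keywords: Iterable[str]) -> list[RuleEntry]:
    """Rules that ship DISABLED whose message mentions any keyword (case-insensitive).
    A DISABLED rule gives no coverage until you turn it on, so run this with the
    product names you actually have deployed."""
    kws = [k.lower() for k in keywords]
    return [e for e in entries
            if e.state == "DISABLED" and any(k in e.msg.lower() for k in kws)]


def enablesid_lines(entries: Iterable[RuleEntry]) -> list[str]:
    """Unique gid:sid lines, sorted, in the form PulledPork's enablesid.conf takes."""
    return sorted({e.key for e in entries},
                  key=lambda k: tuple(int(p) for p in k.split(":")))


def missing_from(reference: Iterable[RuleEntry], candidate: Iterable[RuleEntry]) -> list[RuleEntry]:
    """Entries in `reference` with no gid:sid counterpart in `candidate`, e.g. to see
    which rules of a 2.9.x pack are absent from the Snort 3 pack."""
    have = {e.key for e in candidate}
    return [e for e in reference if e.key not in have]


# Constructed samples in the page's format (entries copied from the lists above and
# flattened onto one string the way the page renders them). The last 2990 entry is
# deliberately left without its "(group)" tail to mirror the truncation on the page.
SAMPLE_2990 = (
    "* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules) "
    "* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules) "
    "* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules) "
    "* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules) "
    "* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules) "
    "* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected"
)
SAMPLE_3000 = (
    "* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (snort3-server-webapp.rules) "
    "* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (snort3-server-webapp.rules) "
    "* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (snort3-policy-other.rules) "
    "* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (snort3-malware-cnc.rules) "
    "* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (snort3-malware-cnc.rules)"
)

if __name__ == "__main__":
    old, new = parse_entries(SAMPLE_2990), parse_entries(SAMPLE_3000)
    wanted = disabled_matching(old, ["Solr"])      # "Solr" is an assumed keyword
    for e in wanted:
        print(f"disabled by default: {e.key}  {e.msg}")
    print("enablesid.conf lines:", ", ".join(enablesid_lines(wanted)))
    for e in missing_from(old, new):
        tag = " (shared-object rule)" if e.shared_object else ""
        print(f"no Snort 3 counterpart: {e.key}{tag}")
```

Feed it the full text of a release note rather than the samples to get the complete picture for a pack; the `gid:sid` lines it prints are what you would drop into `enablesid.conf` before the next PulledPork run, and the `missing_from` output is where you would spot SO rules that your Snort 3 deployment will not pick up.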
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (snort3-server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (snort3-server-webapp.rules)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (snort3-server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (snort3-server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (snort3-server-webapp.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (snort3-server-webapp.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (snort3-malware-cnc.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (snort3-server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (snort3-server-apache.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (snort3-server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (snort3-server-webapp.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (snort3-server-webapp.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (snort3-server-webapp.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (snort3-server-webapp.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (snort3-server-webapp.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (snort3-server-webapp.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (snort3-policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (snort3-policy-other.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (snort3-malware-cnc.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (snort3-malware-cnc.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (snort3-server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (snort3-server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (snort3-server-other.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (snort3-server-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (snort3-server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (snort3-server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (snort3-server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (snort3-server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (snort3-server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (snort3-server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (snort3-malware-cnc.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (snort3-server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (snort3-server-other.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (snort3-server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (snort3-server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (snort3-server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (snort3-server-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules)
* 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules)
* 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules)
* 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
* 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules)
* 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules)
* 1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules)
* 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules)
* 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules)
* 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules)
* 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules)
* 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)