Talos has added and modified multiple rules in the and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules)
* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules)
* 1:45074 <-> ENABLED <-> SERVER-SAMBA Samba unsigned connections attempt (server-samba.rules)
* 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules)
* 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules)
* 1:44482 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt (protocol-dns.rules)
* 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (server-other.rules)
* 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46468 <-> ENABLED <-> SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt (server-other.rules)
* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:45839 <-> DISABLED <-> DELETED FILE-OTHER Adobe Acrobat Pro malformed cmap out of bounds read attempt (deleted.rules)
* 1:45838 <-> DISABLED <-> DELETED FILE-OTHER Adobe Acrobat Pro malformed cmap out of bounds read attempt (deleted.rules)
* 1:45822 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45821 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45820 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45819 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
* 1:47587 <-> DISABLED <-> FILE-OTHER Info-ZIP UnZip heap buffer overflow attempt (file-other.rules)
* 1:47586 <-> DISABLED <-> FILE-OTHER Info-ZIP UnZip heap buffer overflow attempt (file-other.rules)
* 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:49090 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:50628 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Trans Secondary kernel address write attempt (os-windows.rules)
* 1:49963 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:49962 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:50961 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:50960 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51481 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP client buffer overflow attempt (os-windows.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (snort3-server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (snort3-server-webapp.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (snort3-server-webapp.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (snort3-server-webapp.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (snort3-malware-cnc.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules)
* 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules)
* 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
* 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)