Talos has added and modified multiple rules in the browser-webkit, file-image, file-office, file-pdf, malware-other, os-mobile, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (snort3-file-image.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (snort3-file-image.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (snort3-server-other.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (snort3-file-office.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (snort3-file-office.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (snort3-file-office.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (snort3-malware-other.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (snort3-file-office.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (snort3-server-webapp.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (snort3-server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (snort3-server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules) * 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules) * 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules) * 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules) * 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
