Talos has added and modified multiple rules in the browser-ie, file-identify, file-image, indicator-compromise, malware-tools, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
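The entry format stated above (gid:sid <-> Default rule state <-> Message (rule group)) is regular enough to process mechanically, which matters here because most of the new text rules in this update ship DISABLED by default and will not fire until they are turned on, while the gid 3 entries are shared-object rules that need the matching precompiled SO stubs for your platform before they can be enabled at all. The following script is an added example, not code from Talos or from the Snort project: it parses release-note text in this format (including lines where several entries have been run together with " * " separators), summarizes enabled versus disabled counts per rule group, and emits the gid:sid references for disabled rules in chosen groups in the one-reference-per-line form a PulledPork enablesid.conf accepts. The SAMPLE text is a constructed excerpt of entries copied from the list above; the group names passed to enablesid_lines are the caller's choice.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One entry in the release-note format quoted in the text:
#   gid:sid <-> Default rule state <-> Message (rule group)
RULE_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[A-Za-z0-9_.-]+\.rules)\)$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str

    @property
    def sid_ref(self):
        # gid 1 = text rules, gid 3 = shared-object (SO) rules
        return f"{self.gid}:{self.sid}"


def parse_rule_list(text):
    """Parse release-note text into RuleEntry objects.

    Entries may be one per line or run together on a single line separated
    by ' * ', so each line is split on the bullet first. Lines that are not
    entries (headings, the format description) simply do not match and are
    skipped.
    """
    entries = []
    for line in text.splitlines():
        for item in re.split(r"(?:^|\s)\*\s+", line):
            item = item.strip()
            if not item:
                continue
            m = RULE_RE.match(item)
            if m is None:
                continue  # prose line, not a rule entry
            entries.append(RuleEntry(
                gid=int(m["gid"]), sid=int(m["sid"]),
                enabled=(m["state"] == "ENABLED"),
                msg=m["msg"], group=m["group"],
            ))
    return entries


def summarize(entries):
    """Per rule group: how many entries ship enabled vs. disabled by default."""
    summary = defaultdict(Counter)
    for e in entries:
        summary[e.group]["enabled" if e.enabled else "disabled"] += 1
    return {g: dict(c) for g, c in sorted(summary.items())}


def enablesid_lines(entries, groups):
    """gid:sid references for entries that are DISABLED by default in the
    given rule groups, one per line, sorted and de-duplicated so that running
    this over several rule packs gives a stable enablesid.conf fragment
    (assumption: rules are managed with PulledPork or a tool that takes the
    same gid:sid lists)."""
    wanted = {e.sid_ref for e in entries if not e.enabled and e.group in groups}
    return sorted(wanted, key=lambda s: tuple(int(x) for x in s.split(":")))


# Constructed sample: a heading, the format line, and a handful of entries
# copied from the 2091501 list above, some run together on one line.
SAMPLE = """This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules) * 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules) * 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
"""


def main():
    entries = parse_rule_list(SAMPLE)
    for group, counts in summarize(entries).items():
        print(f"{group:30} {counts}")
    print("# enablesid.conf fragment (disabled-by-default rules in chosen groups)")
    for ref in enablesid_lines(entries, {"protocol-dns.rules", "indicator-compromise.rules", "file-image.rules"}):
        print(ref)


if __name__ == "__main__":
    main()
```

Feed the whole announcement to parse_rule_list and the SO entries surface as gid 3; keep those out of the enablesid fragment unless the so_rules for your Snort build are installed, since a reference to an SO rule without its stub is silently useless.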
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (snort3-browser-ie.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (snort3-browser-ie.rules)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (snort3-malware-tools.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (snort3-server-webapp.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (snort3-indicator-compromise.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (snort3-browser-ie.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (snort3-server-webapp.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (snort3-browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (snort3-protocol-dns.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (snort3-indicator-compromise.rules)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (snort3-malware-tools.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (snort3-file-identify.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52519 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules)
* 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules)