Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-multimedia, file-office, file-other, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (snort3-malware-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (snort3-malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (snort3-browser-other.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (snort3-browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (snort3-malware-other.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (snort3-browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (snort3-malware-other.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (snort3-file-multimedia.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (snort3-malware-other.rules)
* 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (snort3-browser-plugins.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (snort3-server-mail.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (snort3-file-other.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (snort3-malware-cnc.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (snort3-browser-plugins.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
