Talos has added and modified multiple rules in the browser-firefox, file-identify, file-multimedia, file-pdf, malware-other, protocol-tftp, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (snort3-server-other.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (snort3-file-identify.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (snort3-malware-other.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (snort3-server-webapp.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (snort3-browser-firefox.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (snort3-browser-firefox.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (snort3-server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (snort3-server-webapp.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (snort3-malware-other.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (snort3-file-identify.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (snort3-malware-other.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (snort3-server-webapp.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (snort3-malware-other.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (snort3-server-webapp.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (snort3-protocol-voip.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)