Talos has added and modified multiple rules in the file-other, malware-other, policy-other, pua-adware, server-apache and server-webapp rule sets to provide coverage for emerging threats.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
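The same gid:sid entries recur in every version block on this page, and the "gid:sid <-> Default rule state <-> Message (rule group)" format is regular enough to process mechanically. The Python below is an added example, not code from this Talos page or from the Snort project: it parses entries in that format (tolerating several entries run together on one line, as happens when the page is extracted), separates gid 3 shared-object rules from gid 1 text rules, diffs two lists for SIDs that were added, dropped or changed default state, and renders the disabled-by-default entries as gid:sid lines, which is the form assumed here for a PulledPork enablesid.conf. Both sample lists are constructed: the first copies four entries from the 2091600 list above; the second is a hypothetical earlier list, including a made-up SID 1:99999 and a flipped state for 1:54307, so the diff has something to report.

```python
import re

# Matches one entry in the "gid:sid <-> Default rule state <-> Message (rule group)"
# format used by these rule-update notes. The leading "* " bullet is not part of the
# pattern, so entries still parse when several have been run together on one line.
RULE_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


def parse_rule_list(text):
    """Return {(gid, sid): {"state", "msg", "group"}} for every entry found in text."""
    rules = {}
    for m in RULE_RE.finditer(text):
        key = (int(m.group("gid")), int(m.group("sid")))
        rules[key] = {
            "state": m.group("state"),
            "msg": m.group("msg"),
            "group": m.group("group"),
        }
    return rules


def shared_object_rules(rules):
    """gid 3 entries are shared-object (SO) rules: they ship as compiled modules and
    need the SO rule pack built for the sensor's platform, not only the text rules."""
    return sorted(k for k in rules if k[0] == 3)


def disabled_by_default(rules):
    """Entries the update installs but leaves off in the default policy."""
    return sorted(k for k in rules if rules[k]["state"] == "DISABLED")


def diff_rule_lists(old, new):
    """Entries added, dropped, or whose default state flipped between two lists."""
    return {
        "added": sorted(k for k in new if k not in old),
        "dropped": sorted(k for k in old if k not in new),
        "changed": sorted(
            k for k in new if k in old and old[k]["state"] != new[k]["state"]
        ),
    }


def enablesid_lines(keys):
    """Render (gid, sid) pairs as gid:sid lines; assumed to be the form PulledPork's
    enablesid.conf accepts, one entry per line."""
    return [f"{gid}:{sid}" for gid, sid in keys]


# Constructed sample: four entries copied from the 2091600 list, run together on
# one line the way the extracted page presents them.
SAMPLE_NEW = (
    "* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules) "
    "* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) "
    "* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules) "
    "* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)"
)

# Constructed, hypothetical earlier list: 1:54307 disabled, 1:99999 is a made-up SID,
# and 1:54305 / 3:54315 are absent, so every branch of the diff is exercised.
SAMPLE_OLD = """\
* 1:54307 <-> DISABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:99999 <-> DISABLED <-> MALWARE-OTHER hypothetical placeholder entry (malware-other.rules)
"""

if __name__ == "__main__":
    new = parse_rule_list(SAMPLE_NEW)
    old = parse_rule_list(SAMPLE_OLD)
    for kind, keys in diff_rule_lists(old, new).items():
        print(f"{kind}: {enablesid_lines(keys)}")
    print("SO rules:", enablesid_lines(shared_object_rules(new)))
    print("disabled by default:", enablesid_lines(disabled_by_default(new)))
```

Run against two consecutive version blocks from the page, the diff is empty, which is exactly what these notes show: the same SIDs were carried across every listed Snort version with the same default states. The useful output on a real update is the disabled-by-default list, since the MALWARE-OTHER download-attempt rules ship disabled and must be enabled deliberately.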
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (snort3-malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (snort3-malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (snort3-malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (snort3-malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (snort3-malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (snort3-malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (snort3-pua-adware.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (snort3-malware-other.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (snort3-malware-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (snort3-policy-other.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (snort3-server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (snort3-server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (snort3-server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (snort3-server-webapp.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (snort3-server-webapp.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (snort3-server-webapp.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (snort3-server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (snort3-server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (snort3-server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (snort3-policy-other.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (snort3-server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (snort3-server-webapp.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (snort3-server-apache.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules)
* 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules)
* 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules)
* 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules)
* 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules)
* 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules)