Talos Rules 2020-07-23
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, file-office, file-other, malware-cnc, malware-other, protocol-dns, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (snort3-protocol-dns.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (snort3-malware-cnc.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (snort3-malware-cnc.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (snort3-server-webapp.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (snort3-malware-cnc.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (snort3-file-office.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (snort3-malware-other.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (snort3-file-office.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (snort3-malware-other.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (snort3-server-other.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (snort3-server-other.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (snort3-server-webapp.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (snort3-browser-chrome.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (snort3-server-webapp.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (snort3-file-other.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (snort3-server-other.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (snort3-malware-other.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (snort3-malware-cnc.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (snort3-browser-chrome.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (snort3-browser-chrome.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (snort3-malware-cnc.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (snort3-malware-cnc.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (snort3-server-other.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (snort3-malware-other.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (snort3-server-webapp.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (snort3-browser-chrome.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (snort3-server-other.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (snort3-file-other.rules)

Modified Rules:


 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (snort3-server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (snort3-file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (snort3-file-other.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (snort3-server-other.rules)

2020-07-23 12:25:21 UTC

Snort Subscriber Rules Update

Date: 2020-07-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules)
 * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules)
 * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules)
 * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules)
 * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules)
 * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules)
 * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules)
 * 1:54619 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules)
 * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules)
 * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules)
 * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules)
 * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules)
 * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules)
 * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
 * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules)
 * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules)
 * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules)
 * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules)
 * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
 * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules)
 * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)
 * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)