Talos has added and modified multiple rules in the app-detect, browser-chrome, browser-other, file-multimedia, file-other, indicator-compromise, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, malware-tools, os-linux, policy-other, protocol-dns, protocol-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
Modified Rules:
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
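The rule-change format above is easy to consume programmatically, and a practitioner usually wants two things from it: which of the new rules are DISABLED by default (they ship in the ruleset but fire only after being enabled in the policy) and which are gid 3 shared-object rules, which ship precompiled per platform rather than as rule text. The following Python is an added example written for this page, not Talos or Snort code. It parses entries in the gid:sid <-> state <-> message (group) format, including entries that have been run together on one line or wrapped across two as on this page, counts them by gid and default state, and lists the disabled text rules in chosen rule files. The enablesid.conf mention is an assumed PulledPork workflow, and the sample input is a handful of entries copied from the list above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# One entry of the changelog format given above:
#   gid:sid <-> Default rule state <-> Message (rule group)
# Matching over the whole text (not line by line, DOTALL) also copes with
# entries that have been run together on one line or wrapped across two.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[a-z0-9-]+\.rules)\)",
    re.DOTALL,
)

# In Snort 2 rulesets gid 3 is the shared-object (SO) rule generator: those
# rules ship as precompiled binaries per platform, not as rule text.
SO_GID = 3


@dataclass(frozen=True)
class RuleChange:
    gid: int
    sid: int
    enabled: bool      # default state in the shipped policy
    category: str      # leading token of the message, e.g. SERVER-WEBAPP
    msg: str           # rest of the message
    group: str         # rule file, e.g. server-webapp.rules

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def shared_object(self) -> bool:
        return self.gid == SO_GID


def parse_changelog(text: str) -> list[RuleChange]:
    """Return every gid:sid entry found in a rule-update changelog."""
    changes = []
    for m in ENTRY_RE.finditer(text):
        msg = " ".join(m.group("msg").split())  # collapse wrapped whitespace
        category, _, rest = msg.partition(" ")
        changes.append(RuleChange(
            gid=int(m.group("gid")),
            sid=int(m.group("sid")),
            enabled=m.group("state") == "ENABLED",
            category=category,
            msg=rest,
            group=m.group("group"),
        ))
    return changes


def summarize(changes: Iterable[RuleChange]) -> dict[tuple[int, str], int]:
    """Count entries by (gid, default state)."""
    return dict(Counter(
        (c.gid, "ENABLED" if c.enabled else "DISABLED") for c in changes
    ))


def disabled_text_rules(changes: Iterable[RuleChange],
                        groups: Iterable[str]) -> list[str]:
    """gid:sid of text (gid 1) rules that are DISABLED by default in the
    given rule files. These ship in the ruleset but do not fire until enabled
    explicitly, e.g. one gid:sid per line in PulledPork's enablesid.conf
    (assumed workflow; adapt to whatever manages your policy)."""
    wanted = set(groups)
    picked = [c for c in changes
              if not c.enabled and not c.shared_object and c.group in wanted]
    return [c.ref for c in sorted(picked, key=lambda c: (c.gid, c.sid))]


# Constructed sample: five entries copied from the list above, two of them
# run together and one wrapped across two lines the way the extracted page
# shows them, plus a non-entry line that must be ignored.
SAMPLE = """\
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules) * 3:55820 <-> ENABLED <->
PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
The format of the file is: gid:sid <-> Default rule state <-> Message (rule group)
"""

if __name__ == "__main__":
    changes = parse_changelog(SAMPLE)
    for (gid, state), n in sorted(summarize(changes).items()):
        print(f"gid {gid} {state}: {n}")
    print("needs enabling:", disabled_text_rules(
        changes, ["server-webapp.rules", "browser-chrome.rules"]))
```

Fed the full text of a release page (or the change file from the ruleset tarball), the summary shows at a glance how much of an update is silent on a default policy. In this release every new server-webapp rule, the Exchange DlpUtils and Trend Micro Control Manager coverage included, is DISABLED by default, so none of it fires until enabled; the gid 3 Cisco rules are all ENABLED but only load if the shared-object package for the sensor's platform is installed.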
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
Modified Rules:
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
Modified Rules:
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules) * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules) * 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules) * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules) * 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules) * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules) * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules) * 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules) * 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules) * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules) * 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules) * 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco 
IOS XE WebUI administrative access detected (policy-other.rules) * 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules) * 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules) * 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules) * 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules) * 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules) * 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (snort3-malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (snort3-server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (snort3-server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (snort3-server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (snort3-server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (snort3-server-webapp.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (snort3-server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (snort3-server-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (snort3-malware-other.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (snort3-browser-chrome.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (snort3-browser-chrome.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (snort3-malware-cnc.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (snort3-app-detect.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (snort3-app-detect.rules) * 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (snort3-malware-cnc.rules) * 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (snort3-os-linux.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (snort3-policy-other.rules) * 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (snort3-malware-cnc.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (snort3-malware-cnc.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (snort3-file-other.rules) * 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (snort3-malware-cnc.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (snort3-file-multimedia.rules) * 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (snort3-malware-other.rules) * 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (snort3-malware-other.rules) * 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (snort3-malware-tools.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (snort3-malware-tools.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:32950 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (snort3-malware-cnc.rules) * 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (snort3-malware-other.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (snort3-app-detect.rules) * 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (snort3-malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (snort3-malware-cnc.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (snort3-malware-backdoor.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (snort3-app-detect.rules) * 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (snort3-malware-cnc.rules) * 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (snort3-os-linux.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (snort3-malware-other.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (snort3-indicator-shellcode.rules) * 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (snort3-malware-cnc.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (snort3-file-other.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (snort3-browser-other.rules) * 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (snort3-malware-cnc.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (snort3-indicator-compromise.rules) * 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor 
attempt (snort3-malware-tools.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (snort3-malware-backdoor.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (snort3-malware-cnc.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (snort3-malware-cnc.rules) * 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (snort3-malware-cnc.rules) * 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (snort3-malware-cnc.rules) * 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (snort3-malware-cnc.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (snort3-malware-cnc.rules) * 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (snort3-malware-cnc.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (snort3-policy-other.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (snort3-app-detect.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (snort3-malware-tools.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (snort3-malware-tools.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules)
* 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules)
* 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules)
* 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules)
* 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules)
* 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules)
* 1:44876 <-> ENABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
* 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
* 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:41162 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:36610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:37370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:32505 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:39893 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
* 1:39894 <-> ENABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
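Both listings above use the entry format stated under "The format of the file is:" (gid:sid <-> Default rule state <-> Message (rule group)), and two questions matter to whoever maintains a sensor: which of the new rules ship DISABLED and therefore need to be opted into, and whether the Snort 3 pack and the Snort 2.9.8.3 pack carry the same gid:sid pairs with the same defaults. The Python below is an added example, not code from Talos or the Snort project. It parses that format, tolerating the run-together and line-wrapped entries that extracted copies of these pages tend to have, and the sample text it parses is constructed from a handful of the entries listed above. The function names are this example's own; the gid:sid-per-line output form is produced on the assumption, stated again in the code, that this is the form pulledpork reads from its enablesid.conf and disablesid.conf files.

```python
import re
from collections import Counter

# One entry of a Talos rule-update listing, in the form the page states:
#   gid:sid <-> Default rule state <-> Message (rule group)
# Extracted copies run entries together on one line and can even wrap a
# single entry across a line break, so the pattern accepts any whitespace
# (newlines included) between fields and inside the message text.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)",
    re.DOTALL,
)


def parse_listing(text):
    """Return one dict per entry: gid, sid, state, category, msg, group."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        msg = " ".join(m.group("msg").split())      # undo line wrapping
        category, _, rest = msg.partition(" ")      # e.g. "MALWARE-OTHER"
        entries.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "category": category,
            "msg": rest,
            "group": m.group("group"),
        })
    return entries


def count_by_state(entries):
    """How many rules ship ENABLED versus DISABLED by default."""
    return dict(Counter(e["state"] for e in entries))


def rule_ids(entries):
    return {(e["gid"], e["sid"]) for e in entries}


def compare_listings(a, b):
    """(ids only in a, ids only in b): rules one pack carries and the other lacks."""
    ids_a, ids_b = rule_ids(a), rule_ids(b)
    return ids_a - ids_b, ids_b - ids_a


def state_differences(a, b):
    """IDs present in both listings whose default state disagrees."""
    state_a = {(e["gid"], e["sid"]): e["state"] for e in a}
    state_b = {(e["gid"], e["sid"]): e["state"] for e in b}
    return {rid for rid in state_a.keys() & state_b.keys()
            if state_a[rid] != state_b[rid]}


def sid_list(entries, state):
    """gid:sid per line, sorted, for rules with the given default state.

    Assumption made by this example: that is the line form pulledpork reads
    from its enablesid.conf / disablesid.conf files.
    """
    chosen = sorted((e for e in entries if e["state"] == state),
                    key=lambda e: (e["gid"], e["sid"]))
    return "\n".join(f"{e['gid']}:{e['sid']}" for e in chosen)


# Constructed sample input: a few entries copied from the two listings
# above, laid out the run-together and line-wrapped way the page has them.
SNORT3_SAMPLE = (
    "* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage "
    "dropper download attempt (snort3-malware-other.rules) * 1:55813 <-> DISABLED <-> "
    "SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt "
    "(snort3-server-other.rules) * 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda "
    "file loader and decryptor\nattempt (snort3-malware-tools.rules)"
)
SNORT2_SAMPLE = (
    "* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage "
    "dropper download attempt (malware-other.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER "
    "Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) "
    "* 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of "
    "service attempt (protocol-other.rules) * 1:53645 <-> DISABLED <-> MALWARE-TOOLS "
    "Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)"
)

if __name__ == "__main__":
    s3, s2 = parse_listing(SNORT3_SAMPLE), parse_listing(SNORT2_SAMPLE)
    print("Snort 3 defaults:", count_by_state(s3))
    print("Snort 2 defaults:", count_by_state(s2))
    only3, only2 = compare_listings(s3, s2)
    print("only in Snort 3 listing:", sorted(only3))
    print("only in Snort 2 listing:", sorted(only2))   # the gid 3 shared-object rule
    print("default state disagrees:", sorted(state_differences(s3, s2)))
    print("disabled by default (Snort 2):\n" + sid_list(s2, "DISABLED"))
```

Run against the full text of the two listings rather than the sample, the comparison shows the one real difference on this page: the gid 3 shared-object rules (3:55806 through 3:55833) appear only in the Snort 2.9.8.3 listing, while every gid 1 rule appears in both with the same default state. The DISABLED list is the one to review before deploying, since those rules detect nothing until they are enabled.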