Talos has added and modified multiple rules in the browser-webkit, file-image, file-office, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules) * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375
<-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules) * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules) * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules) * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)

* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (snort3-malware-other.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (snort3-malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (snort3-malware-other.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (snort3-malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (snort3-malware-other.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (snort3-server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (snort3-malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (snort3-malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (snort3-malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (snort3-malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (snort3-malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (snort3-malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (snort3-malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (snort3-malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (snort3-malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (snort3-malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (snort3-malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (snort3-malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (snort3-malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (snort3-malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (snort3-malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (snort3-malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (snort3-malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (snort3-malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (snort3-malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (snort3-malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (snort3-malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (snort3-malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (snort3-malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (snort3-malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (snort3-malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (snort3-malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (snort3-malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (snort3-malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (snort3-malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (snort3-malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (snort3-server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (snort3-malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (snort3-malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (snort3-malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (snort3-malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (snort3-malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (snort3-policy-other.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (snort3-policy-other.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (snort3-protocol-scada.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (snort3-malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (snort3-malware-cnc.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (snort3-policy-other.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (snort3-malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (snort3-malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (snort3-malware-other.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (snort3-server-webapp.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (snort3-malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (snort3-malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (snort3-malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (snort3-malware-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (snort3-policy-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (snort3-malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (snort3-malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (snort3-malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (snort3-malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (snort3-malware-other.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (snort3-policy-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (snort3-malware-other.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (snort3-malware-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (snort3-policy-other.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (snort3-server-webapp.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (snort3-server-webapp.rules)

* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (snort3-malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules)
* 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules)
* 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules) * 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)