Talos has added and modified multiple rules in the browser-webkit, file-image, file-pdf, malware-cnc, malware-other, netbios, os-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)

Modified Rules:
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
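The listing format above is simple enough to parse mechanically, which is worth doing when you track several of these rule packs: it lets you see at a glance which new rules ship DISABLED by default (most of the MALWARE-OTHER Masslogger rules in this pack do) and which rules changed state between two packs. The following Python is an added example, not code from Talos or snort.org. The entries in SAMPLE_NEW are copied from the 2091700 listing above; SAMPLE_OLD is a constructed, hypothetical earlier listing used only to demonstrate the diff. The enablesid_lines helper emits gid:sid lines in the one-per-line form that a PulledPork enablesid.conf accepts, so that opting in to disabled rules is a deliberate, reviewable step.

```python
"""Parse a Snort rule-pack changelog in the
"gid:sid <-> Default rule state <-> Message (rule group)" format and
report what shipped disabled and what changed between two packs."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Entries copied from the 2091700 listing above. The "* a * b" run-together form
# and the line break inside the third entry mirror how the page is laid out.
SAMPLE_NEW = (
    "* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) "
    "* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules) "
    "* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary \n"
    "download attempt (malware-other.rules) "
    "* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)"
)

# Constructed, hypothetical earlier listing (not from the page) for the diff:
# here 57137 was still disabled and 57151 did not exist yet.
SAMPLE_OLD = (
    "* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) "
    "* 1:57137 <-> DISABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules) "
    "* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)"
)

# Split before every "gid:sid <->" that follows a "*" bullet or a newline, so
# one-entry-per-line files and run-together lines parse the same way.
ENTRY_SPLIT = re.compile(r"(?:\*|\n)\s*(?=\d+:\d+\s*<->)")
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str

    @property
    def category(self) -> str:
        # Snort messages start with the category token, e.g. "MALWARE-OTHER".
        return self.msg.split(" ", 1)[0]


def parse_listing(text: str) -> list[RuleEntry]:
    entries = []
    for chunk in ENTRY_SPLIT.split(text):
        chunk = " ".join(chunk.split())  # rejoin an entry wrapped across lines
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable changelog entry: {chunk!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]),
                                 m["state"] == "ENABLED", m["msg"], m["group"]))
    return entries


def disabled_by_category(entries: list[RuleEntry]) -> Counter:
    """How many rules in each category ship disabled by default."""
    return Counter(e.category for e in entries if not e.enabled)


def enablesid_lines(entries: list[RuleEntry], categories: set[str]) -> list[str]:
    """gid:sid lines (PulledPork enablesid.conf form) for the disabled rules
    in the chosen categories, so an operator can opt in deliberately."""
    return [f"{e.gid}:{e.sid}" for e in entries
            if not e.enabled and e.category in categories]


def diff_listings(old: list[RuleEntry], new: list[RuleEntry]):
    """Rules added, removed, or whose default state flipped between two packs."""
    o = {(e.gid, e.sid): e.enabled for e in old}
    n = {(e.gid, e.sid): e.enabled for e in new}
    added = sorted(k for k in n if k not in o)
    removed = sorted(k for k in o if k not in n)
    flipped = sorted(k for k in o.keys() & n.keys() if o[k] != n[k])
    return added, removed, flipped


if __name__ == "__main__":
    new = parse_listing(SAMPLE_NEW)
    print(disabled_by_category(new))
    print(enablesid_lines(new, {"MALWARE-OTHER"}))
    print(diff_listings(parse_listing(SAMPLE_OLD), new))
```

Run it over a whole pack listing saved to a file and the diff against the previous pack tells you, before deployment, which rules will start firing (default flipped to ENABLED or newly added and enabled) and which coverage you only get by opting in.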
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)

Modified Rules:
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)

Modified Rules:
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)

Modified Rules:
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)

Modified Rules:
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)

Modified Rules:
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules) * 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules) * 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules) * 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules) * 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules) * 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules) * 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules) * 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules) * 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules) * 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules) * 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules) * 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules) * 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules) * 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules) * 1:57153 <-> DISABLED <-> MALWARE-OTHER 
Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules) * 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules) * 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules) * 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules) * 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules) * 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules) * 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules) * 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules) * 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (snort3-malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (snort3-malware-other.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (snort3-malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (snort3-malware-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (snort3-server-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (snort3-malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (snort3-malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (snort3-malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (snort3-malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (snort3-malware-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (snort3-server-webapp.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (snort3-server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (snort3-file-pdf.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (snort3-server-other.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (snort3-file-pdf.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (snort3-malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (snort3-server-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (snort3-malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (snort3-malware-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (snort3-malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (snort3-malware-other.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (snort3-server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (snort3-server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (snort3-server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (snort3-server-other.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (snort3-server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (snort3-server-webapp.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (snort3-malware-cnc.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (snort3-server-other.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (snort3-server-webapp.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (snort3-server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (snort3-server-webapp.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (snort3-server-other.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules)
* 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules)
* 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules)