Talos has added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-multimedia, file-other, indicator-compromise, malware-cnc, os-linux, os-other, os-windows, protocol-dns, protocol-icmp, protocol-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)

* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)

* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)

* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)

* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)

* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (malware-cnc.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (snort3-os-windows.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (snort3-malware-cnc.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (snort3-malware-cnc.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (snort3-os-windows.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (snort3-os-windows.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (snort3-malware-cnc.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (snort3-malware-cnc.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (snort3-os-windows.rules)

* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (snort3-server-other.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (snort3-server-webapp.rules)
* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (snort3-server-webapp.rules)
* 1:57756 <-> DISABLED <-> MALWARE-CNC DNS Fast Flux attempt (snort3-malware-cnc.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (snort3-browser-ie.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (snort3-server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (snort3-server-webapp.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (snort3-server-other.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (snort3-server-webapp.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57761 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57763 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:57771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:57773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected (malware-cnc.rules)
* 1:57780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57762 <-> DISABLED <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt (server-webapp.rules)
* 1:57781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 1:57760 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:57782 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt (malware-cnc.rules)
* 3:57774 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57766 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57768 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57764 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57769 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57778 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57779 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57775 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)
* 3:57777 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt (server-webapp.rules)
* 3:57767 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (server-webapp.rules)
* 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
* 3:57765 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt (server-webapp.rules)
* 3:57776 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt (server-webapp.rules)

* 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
* 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:57760 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:57761 <-> SERVER-WEBAPP TP-Link WiFi router authenticated PingIframeRpm stack buffer overflow attempt
* 1:57762 <-> SERVER-WEBAPP TP-Link WiFi router authenticated WanStaticIpV6CfgRpm stack buffer overflow attempt
* 1:57763 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:57770 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57771 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57772 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:57773 <-> MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
* 1:57780 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57781 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt
* 1:57782 <-> MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt

* 1:10475 <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt
* 1:16072 <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt
* 1:19245 <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt
* 1:33814 <-> SERVER-OTHER ElasticSearch script remote code execution attempt
* 1:3816 <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt
* 1:43390 <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt
* 1:43595 <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt
* 1:44685 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:44686 <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt
* 1:47425 <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt
* 1:57756 <-> MALWARE-CNC DNS Fast Flux attempt