Talos has added and modified multiple rules in the browser-chrome, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (snort3-malware-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (snort3-server-webapp.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (snort3-server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (snort3-malware-cnc.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (snort3-server-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (snort3-malware-other.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (snort3-malware-other.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (snort3-malware-cnc.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (snort3-server-other.rules)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (snort3-malware-other.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (snort3-malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (snort3-malware-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (snort3-server-webapp.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (snort3-malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (snort3-malware-other.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (snort3-malware-cnc.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (snort3-malware-cnc.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (snort3-malware-cnc.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (snort3-malware-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (snort3-malware-cnc.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (snort3-server-webapp.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (snort3-browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (snort3-browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57817 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57824 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57818 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt (malware-other.rules)
* 1:57825 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57827 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57821 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt (malware-other.rules)
* 1:57808 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt (server-other.rules)
* 1:57809 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57810 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57828 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57822 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt (malware-other.rules)
* 1:57811 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57823 <-> DISABLED <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt (malware-cnc.rules)
* 1:57826 <-> ENABLED <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt (malware-cnc.rules)
* 1:57819 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell upload attempt (malware-other.rules)
* 1:57820 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 1:57812 <-> DISABLED <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt (server-webapp.rules)
* 1:57813 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt (server-other.rules)
* 1:57814 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt (malware-other.rules)
* 1:57815 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Apostle download attempt (malware-other.rules)
* 1:57816 <-> DISABLED <-> MALWARE-OTHER ASPXSpy webshell download attempt (malware-other.rules)
* 3:57800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57801 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt (server-webapp.rules)
* 3:57802 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt (server-webapp.rules)
* 3:57803 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt (server-webapp.rules)
* 3:57804 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt (server-webapp.rules)
* 3:57805 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt (server-webapp.rules)
* 3:57806 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt (server-webapp.rules)
* 3:57807 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt (policy-other.rules)
* 3:57829 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt (server-webapp.rules)
* 3:57830 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)
* 3:57831 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt (file-pdf.rules)

* 1:57430 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
* 1:57429 <-> DISABLED <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt (browser-chrome.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 3:21354 <-> PROTOCOL-DNS query
* 3:21355 <-> PROTOCOL-DNS cache poisoning attempt - mismatched txid
* 3:57728 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57729 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1308 attack attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57747 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57748 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1311 attack attempt
* 3:57749 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57750 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1319 attack attempt
* 3:57751 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57752 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1318 attack attempt
* 3:57753 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57754 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57755 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1312 attack attempt
* 3:57757 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57758 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57759 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1327 attack attempt
* 3:57764 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57765 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57766 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1315 attack attempt
* 3:57767 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57768 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57769 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt
* 3:57774 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57775 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57776 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1326 attack attempt
* 3:57777 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57778 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57779 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1328 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57792 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57793 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57794 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57795 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1314 attack attempt
* 3:57796 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1323 attack attempt
* 3:57798 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57799 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1320 attack attempt
* 3:57800 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57801 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1331 attack attempt
* 3:57802 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt
* 3:57803 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1313 attack attempt
* 3:57804 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1334 attack attempt
* 3:57805 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1335 attack attempt
* 3:57806 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1333 attack attempt
* 3:57807 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1322 attack attempt
* 1:57808 <-> SERVER-OTHER Mozilla Network Security Services stack buffer overflow attempt
* 1:57809 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57810 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57811 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57812 <-> SERVER-WEBAPP Nagios XI autodiscovery_component_update_cron command injection attempt
* 1:57813 <-> SERVER-OTHER Citrix NetScaler Gateway DTLS client hello denial of service attempt
* 1:57814 <-> MALWARE-OTHER Win.Trojan.Deadwood download attempt
* 1:57815 <-> MALWARE-OTHER Win.Trojan.Apostle download attempt
* 1:57816 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57817 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57818 <-> MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt
* 1:57819 <-> MALWARE-OTHER ASPXSpy webshell upload attempt
* 1:57820 <-> MALWARE-OTHER ASPXSpy webshell download attempt
* 1:57821 <-> MALWARE-OTHER Win.Trojan.Deadwood upload attempt
* 1:57822 <-> MALWARE-OTHER Win.Trojan.Apostle upload attempt
* 1:57823 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57824 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt
* 1:57825 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57826 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57827 <-> MALWARE-CNC ASPXSpy webshell inbound connection attempt
* 1:57828 <-> MALWARE-CNC ASPXSpy webshell outbound connection attempt

* 3:51306 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51307 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:51308 <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt
* 3:57266 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 3:57267 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt
* 1:57429 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt
* 1:57430 <-> BROWSER-CHROME Google Chrome Math.max memory corruption attempt