Talos has added and modified multiple rules in the file-image, indicator-shellcode and os-windows rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 3:58158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58156 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 3:58157 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1371 attack attempt (file-image.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (snort3-malware-cnc.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound beacon (malware-cnc.rules)
* 1:57605 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP protocol stack remote code execution attempt (os-windows.rules)
* 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300050 <-> SERVER-OTHER Apache CouchDB remote privilege escalation attempt
* 1:300051 <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt
* 1:58136 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58137 <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt
* 1:58138 <-> MALWARE-OTHER Php.Webshell.R57 download attempt
* 1:58139 <-> MALWARE-OTHER Php.Webshell.R57 upload attempt
* 1:58140 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58141 <-> OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt
* 1:58142 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58143 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58144 <-> MALWARE-OTHER Php.Webshell.WorseLinux download attempt
* 1:58145 <-> MALWARE-OTHER Php.Webshell.WorseLinux upload attempt
* 1:58146 <-> SERVER-OTHER Realtek Wifi Simple Config UPnP SUBSCRIBE callback buffer overflow attempt
* 1:58147 <-> MALWARE-OTHER ASP.Webshell.RemExp download attempt
* 1:58148 <-> MALWARE-OTHER ASP.Webshell.RemExp upload attempt
* 1:58149 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58150 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 1:58151 <-> MALWARE-OTHER Php.Webshell.Ayyildiz upload attempt
* 1:58152 <-> MALWARE-OTHER Php.Webshell.Ayyildiz download attempt
* 3:58153 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 3:58154 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1373 attack attempt
* 1:40689 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:40690 <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt
* 1:49191 <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt
* 1:52243 <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt