Talos has added and modified multiple rules in the file-office, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 3:58365 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58366 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt (file-office.rules)
* 3:58367 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
* 3:58368 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (snort3-server-webapp.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (snort3-malware-other.rules)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (snort3-server-webapp.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (snort3-malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (snort3-server-webapp.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (snort3-malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (snort3-server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (snort3-server-webapp.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (snort3-server-webapp.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58369 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58347 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58348 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58349 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58350 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58364 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
* 1:58370 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58372 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58351 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:58352 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt (server-webapp.rules)
* 1:58353 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt (server-webapp.rules)
* 1:58354 <-> DISABLED <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt (server-webapp.rules)
* 1:58355 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:58356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58371 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58373 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:58358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules)
* 1:58359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection (malware-cnc.rules)
* 1:58360 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58361 <-> ENABLED <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt (malware-other.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt (server-webapp.rules)
* 1:58363 <-> DISABLED <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58347 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58348 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58349 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58350 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58351 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58352 <-> SERVER-WEBAPP GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML external entity injection attempt
* 1:58353 <-> SERVER-WEBAPP Advantech WebAccess Node Quality_Reg ItemIdAry SQL injection attempt
* 1:58354 <-> SERVER-WEBAPP MailEnable Enterprise Premium unauthenticated XML external entity injection attempt
* 1:58355 <-> SERVER-WEBAPP GE MDS PulseNET HealthCheck arbitrary Java object deserialization attempt
* 1:58356 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58357 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58358 <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection
* 1:58359 <-> MALWARE-CNC Win.Trojan.DCRAT variant outbound connection
* 1:58360 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58361 <-> MALWARE-OTHER Andr.Downloader.AndroSpy shell script download attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap GetNodeList SQL injection attempt
* 1:58363 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 1:58364 <-> SERVER-WEBAPP Online Learning Management System 1.0 RCE attempt
* 3:58365 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58366 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1386 attack attempt
* 3:58367 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 3:58368 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1387 attack attempt
* 1:58369 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58370 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58371 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58372 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58373 <-> MALWARE-OTHER Php.Webshell.Generic download attempt