Talos Rules 2021-11-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 3:58488 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected (policy-other.rules)
 * 3:58489 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58478 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58479 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58480 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58481 <-> ENABLED <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt (server-webapp.rules)
 * 3:58482 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58483 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58484 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58485 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:58490 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt (browser-chrome.rules)
 * 3:58486 <-> ENABLED <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected (policy-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (snort3-server-webapp.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (snort3-malware-other.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (snort3-malware-other.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (snort3-malware-cnc.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (snort3-server-webapp.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (snort3-policy-other.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (snort3-malware-other.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (snort3-malware-other.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (snort3-server-webapp.rules)
 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (snort3-server-webapp.rules)

2021-11-04 12:55:44 UTC

Snort Subscriber Rules Update

Date: 2021-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58470 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:58474 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt (server-webapp.rules)
 * 1:58491 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)
 * 1:58493 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58495 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon (malware-cnc.rules)
 * 1:58492 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58477 <-> DISABLED <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt (policy-other.rules)
 * 1:58475 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58471 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58487 <-> DISABLED <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (server-webapp.rules)
 * 1:58476 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt (server-webapp.rules)
 * 1:58473 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58472 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:58494 <-> ENABLED <-> MALWARE-OTHER Tool.Webshell.Generic download attempt (malware-other.rules)

Modified Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt (server-webapp.rules)

2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:56 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:56 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:56 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:56 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt


2021-11-04 13:06:56 UTC

Snort Subscriber Rules Update

Date: 2021-11-03-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58470 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance policy_setting arbitrary PHP file upload attempt
* 1:58471 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58472 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58473 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:58474 <-> SERVER-WEBAPP Trend Micro Control Manager TreeUserControl_process_tree_event XML external entity injection attempt
* 1:58475 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58476 <-> SERVER-WEBAPP Oracle WebLogic Server DeploymentService directory traversal attempt
* 1:58477 <-> POLICY-OTHER Quest Foglight Evolve hardcoded credentials login attempt
* 3:58478 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58479 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58480 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58481 <-> SERVER-WEBAPP Cisco Catalyst PON Series ONT command injection attempt
* 3:58482 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58483 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58484 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58485 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:58486 <-> POLICY-OTHER Cisco Catalyst PON Series ONT enable telnet request detected
* 1:58487 <-> SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt
* 3:58488 <-> POLICY-OTHER Cisco Catalyst PON Series ONT default credential login detected
* 3:58489 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 3:58490 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1398 attack attempt
* 1:58491 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58492 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58493 <-> MALWARE-OTHER Tool.Webshell.Generic upload attempt
* 1:58494 <-> MALWARE-OTHER Tool.Webshell.Generic download attempt
* 1:58495 <-> MALWARE-CNC Win.Ransomware.Magniber variant beacon

Modified Rules:

* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet directory traversal attempt