Talos has added and modified multiple rules in the malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (snort3-server-other.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (snort3-server-webapp.rules)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (snort3-server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (snort3-server-webapp.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (snort3-server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (snort3-server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (snort3-server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (snort3-server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (snort3-server-apache.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (snort3-malware-cnc.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (snort3-server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (snort3-server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (snort3-server-webapp.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (snort3-server-webapp.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (snort3-server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58823 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58833 <-> DISABLED <-> SERVER-WEBAPP Nagios XI remote command execution attempt (server-webapp.rules)
* 1:58822 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58825 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58830 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58831 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58821 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58827 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58820 <-> ENABLED <-> SERVER-APACHE Apache HTTP server SSRF attempt (server-apache.rules)
* 1:58824 <-> DISABLED <-> SERVER-WEBAPP WebSVN search command injection attempt (server-webapp.rules)
* 1:58834 <-> DISABLED <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (server-other.rules)
* 1:58826 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
* 1:58829 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58832 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt (server-webapp.rules)
* 1:58835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:58828 <-> DISABLED <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:58820 <-> SERVER-APACHE Apache HTTP server SSRF attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58833 <-> SERVER-WEBAPP Nagios XI remote command execution attempt
* 1:58834 <-> SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt
* 1:58835 <-> MALWARE-CNC Win.Trojan.IcedId outbound connection