References to CVE-2021-44832 have been added to all existing Log4j rules for ease of reference for users. Coverage was not updated as there was no need.
Talos has added and modified multiple rules in the file-multimedia, indicator-compromise, malware-cnc, malware-other, policy-other, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
* 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
* 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (snort3-server-other.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (snort3-malware-other.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (snort3-server-webapp.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (snort3-malware-other.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (snort3-malware-cnc.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (snort3-protocol-other.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)

* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (snort3-policy-other.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300055 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
* 1:300056 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
* 1:300057 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (snort3-indicator-compromise.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
* 1:300058 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
* 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
* 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
* 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
* 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
* 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
* 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
* 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
* 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
* 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)

* 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
* 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
* 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
* 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
* 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt
* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt