Talos has added and modified multiple rules in the browser-other, malware-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 3:59059 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt (server-other.rules)
* 3:59060 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers driver upload detected (policy-other.rules)
* 3:59058 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt (server-other.rules)
* 3:59061 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt (policy-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (snort3-malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (snort3-server-webapp.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (snort3-malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (snort3-malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (snort3-malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (snort3-browser-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (snort3-browser-other.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (snort3-malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (snort3-malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (snort3-server-webapp.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (snort3-malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (snort3-os-windows.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (snort3-policy-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (snort3-malware-other.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (snort3-malware-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (snort3-malware-other.rules)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (snort3-server-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59057 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
* 1:59047 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59036 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt (malware-other.rules)
* 1:59055 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt (malware-other.rules)
* 1:59056 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
* 1:59051 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela upload attempt (malware-other.rules)
* 1:59041 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59037 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59049 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt (malware-other.rules)
* 1:59052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt (os-windows.rules)
* 1:59039 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59034 <-> DISABLED <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt (server-webapp.rules)
* 1:59040 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59042 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59044 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 download attempt (malware-other.rules)
* 1:59038 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59045 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt (malware-other.rules)
* 1:59033 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59032 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt (server-webapp.rules)
* 1:59050 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Andela download attempt (malware-other.rules)
* 1:59054 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt (malware-other.rules)
* 1:59046 <-> DISABLED <-> BROWSER-OTHER Slack command injection attempt (browser-other.rules)
* 1:59053 <-> DISABLED <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt (policy-other.rules)
* 1:59035 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59043 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt (malware-other.rules)
* 1:59048 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt (malware-other.rules)
* 1:58638 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
* 1:58637 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt * 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:59032 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59033 <-> SERVER-WEBAPP Apache ActiveMQ Web Console cross site scripting attempt
* 1:59034 <-> SERVER-WEBAPP HiSilicon Video Encoders unauthenticated command injection attempt
* 1:59035 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59036 <-> MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt
* 1:59037 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59038 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59039 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59040 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59041 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59042 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59043 <-> MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt
* 1:59044 <-> MALWARE-OTHER Php.Webshell.AK74 download attempt
* 1:59045 <-> MALWARE-OTHER Php.Webshell.AK74 upload attempt
* 1:59046 <-> BROWSER-OTHER Slack command injection attempt
* 1:59047 <-> BROWSER-OTHER Slack command injection attempt
* 1:59048 <-> MALWARE-OTHER Php.Webshell.Generic outbound connection attempt
* 1:59049 <-> MALWARE-OTHER Php.Webshell.Andela inbound connection attempt
* 1:59050 <-> MALWARE-OTHER Php.Webshell.Andela download attempt
* 1:59051 <-> MALWARE-OTHER Php.Webshell.Andela upload attempt
* 1:59052 <-> OS-WINDOWS Microsoft Windows AD DS potential elevation of privilege attempt
* 1:59053 <-> POLICY-OTHER Microsoft Windows S4U2self request for administrator account attempt
* 1:59054 <-> MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt
* 1:59055 <-> MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt
* 1:59056 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:59057 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 3:59058 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1458 attack attempt
* 3:59059 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1457 attack attempt
* 3:59060 <-> POLICY-OTHER Cisco RV Series Routers driver upload detected
* 3:59061 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1459 attack attempt
* 1:58637 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt
* 1:58638 <-> SERVER-OTHER Microsoft Exchange Server remote code execution attempt