Talos has added and modified multiple rules in the indicator-shellcode, malware-cnc, malware-other, malware-tools, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 3:59120 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59119 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1468 attack attempt (server-webapp.rules)
* 3:59144 <-> ENABLED <-> SERVER-OTHER Cisco Identity Services Engine RADIUS denial of service attempt (server-other.rules)
* 3:59124 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1473 attack attempt (server-webapp.rules)
* 3:59121 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59118 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server directory traversal attempt (server-webapp.rules)
* 3:59152 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1474 attack attempt (policy-other.rules)
* 3:59122 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:59153 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1472 attack attempt (policy-other.rules)
* 3:59123 <-> ENABLED <-> SERVER-WEBAPP Cisco Expressway and TelePresence Video Communication Server command injection attempt (server-webapp.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (snort3-malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (snort3-malware-cnc.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (snort3-malware-other.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (snort3-malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (snort3-malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (snort3-malware-other.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (snort3-malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (snort3-malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (snort3-malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (snort3-malware-cnc.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (snort3-malware-tools.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (snort3-malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (snort3-malware-cnc.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (snort3-server-webapp.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (snort3-malware-other.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (snort3-malware-other.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (snort3-malware-other.rules)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (snort3-malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (snort3-malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (snort3-malware-other.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59138 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59135 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59136 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)
* 1:59127 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59132 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic upload attempt (malware-other.rules)
* 1:59140 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59134 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59141 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59150 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redline variant outbound request detected (malware-cnc.rules)
* 1:59128 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59143 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)
* 1:59142 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
* 1:59133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt (malware-cnc.rules)
* 1:59148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant download attempt (malware-other.rules)
* 1:59126 <-> DISABLED <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt (server-webapp.rules)
* 1:59146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redline variant upload attempt (malware-other.rules)
* 1:59139 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink upload attempt (malware-other.rules)
* 1:59131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic download attempt (malware-other.rules)
* 1:59137 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59101 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59102 <-> FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59105 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59106 <-> FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt
* 1:59109 <-> SERVER-WEBAPP Oracle WebLogic core server remote code execution attempt
* 1:59110 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59111 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59112 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59113 <-> MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection
* 1:59114 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59115 <-> SERVER-APACHE Apache Druid JDBC connection remote code execution attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
* 1:59117 <-> PROTOCOL-OTHER Git LFS object request detected
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:59089 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise storage API command injection attempt
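The two listing formats this page documents (the Snort 2 form with a default state and rule group, and the Snort 3 form with only gid:sid and message) are simple enough to parse, and doing so is how you turn a release note into an actionable checklist. The script below is an added example and is not Talos's or Snort's own tooling. It parses both formats, splits apart listings that extraction has run together on one line as "rule * rule * rule", counts rules per category, reports the rules that ship DISABLED (those will not alert until you enable them in your policy), and diffs the gid:sid sets of two listings to show what a newer pack adds or drops. The sample input is copied from this page's own rule lines; the function and class names are the example's own.

```python
"""Parse a Talos/Snort rule-update listing into structured records.

Added example (not Talos or Snort code). Handles both formats the page documents:
    gid:sid <-> Default rule state <-> Message (rule group)     # Snort 2 listing
    gid:sid <-> Message                                           # Snort 3 listing
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the Snort 3 listing on this page.
SAMPLE_SNORT3 = """\
* 1:300060 <-> SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt
* 1:300061 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:59104 <-> PROTOCOL-DNS Dnsmasq PX extract_name buffer overflow attempt
* 1:59116 <-> PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt
"""

# Constructed sample: lines copied from the Snort 2 listing on this page,
# deliberately run together on one line the way extraction collapses them.
SAMPLE_SNORT2 = (
    "* 1:59129 <-> ENABLED <-> SERVER-WEBAPP VMware vCenter Server file upload attempt (server-webapp.rules)"
    " * 1:59130 <-> DISABLED <-> MALWARE-TOOLS Bombardier http DoS tool (malware-tools.rules)\n"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: Optional[str]       # "ENABLED"/"DISABLED", or None for a Snort 3 listing
    category: str              # leading class token of the message, e.g. SERVER-WEBAPP
    message: str
    rule_group: Optional[str]  # e.g. "server-webapp.rules", or None


# One rule line: optional "* " bullet, gid:sid, optional state column, message,
# optional "(xxx.rules)" group suffix. The message is non-greedy so the group
# suffix, when present, is not swallowed into it.
LINE_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.*?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)


def parse_line(line: str) -> Optional[RuleEntry]:
    """Return a RuleEntry for one rule line, or None if it is not a rule line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    return RuleEntry(
        gid=int(m.group("gid")),
        sid=int(m.group("sid")),
        state=m.group("state"),
        category=msg.split(" ", 1)[0],
        message=msg,
        rule_group=m.group("group"),
    )


def parse_listing(text: str) -> List[RuleEntry]:
    """Parse a whole listing; also splits several rules collapsed onto one line."""
    entries = []
    for raw in text.splitlines():
        # " * " followed by gid:sid marks the start of the next rule on the same line
        for chunk in re.split(r"\s\*\s(?=\d+:\d+)", raw):
            entry = parse_line(chunk)
            if entry is not None:
                entries.append(entry)
    return entries


def count_by_category(entries: List[RuleEntry]) -> Counter:
    """How many rules the pack touches per detection category."""
    return Counter(e.category for e in entries)


def disabled_by_default(entries: List[RuleEntry]) -> List[int]:
    """sids that ship DISABLED: they do not alert until enabled in your policy."""
    return sorted(e.sid for e in entries if e.state == "DISABLED")


def diff_listings(old: List[RuleEntry], new: List[RuleEntry]) -> Tuple[list, list]:
    """(added, removed) gid:sid pairs between two listings."""
    old_ids = {(e.gid, e.sid) for e in old}
    new_ids = {(e.gid, e.sid) for e in new}
    return sorted(new_ids - old_ids), sorted(old_ids - new_ids)


if __name__ == "__main__":
    s2, s3 = parse_listing(SAMPLE_SNORT2), parse_listing(SAMPLE_SNORT3)
    print("categories:", dict(count_by_category(s3)))
    print("disabled by default (Snort 2 sample):", disabled_by_default(s2))
    print("diff:", diff_listings(s3[:2], s3))
```

The category count and DISABLED report are the two things worth reading before deploying a pack: the first tells you which preprocessors and traffic the new rules depend on, the second tells you which coverage you do not actually have yet. Running the diff between consecutive versions of a listing is how you confirm that "added" really means new sids rather than the same set re-released.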