Talos has added and modified multiple rules in the browser-chrome, file-multimedia, file-other, malware-cnc, malware-other, os-other, os-windows, protocol-scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
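The listing format above is regular enough to parse, and the default-state column is the part that matters operationally: a rule shipped DISABLED is delivered with the ruleset but is not active in the default policy, so the new Git, OpenSLP and Apache mod_http2 coverage in this release does not fire until you enable it. The following Python is an added example, not code from Talos or from the Snort project. It parses entries in this page's format (the run-together " * " form, one entry per line, and the state-less "gid:sid <-> Message" variant used for the Snort 3.0.3.1 list), counts how many ship enabled, and emits gid:sid lines for the DISABLED rules whose message matches technologies you expose, in the one-sid-per-line form that PulledPork's enablesid.conf accepts. The SAMPLE text is constructed from a few entries on this page; the keyword list stands in for your own inventory.

```python
"""Parse the 'gid:sid <-> Default rule state <-> Message (rule group)' listing
used in these Talos release notes and derive policy actions from it.

Added example; not part of the Talos release notes or of any Snort tooling.
SAMPLE is constructed here in the page's format; the output lines follow the
one-sid-per-line form PulledPork's enablesid.conf accepts.
"""
import re
from collections import Counter

# One entry. State and the parenthesised rule group are optional so that the
# Snort 3.0.3.1 variant of the list ("gid:sid <-> Message") parses as well.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.+?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)

# Entries are split at a '*' bullet that is followed by a gid:sid token, so the
# same function handles one-per-line lists and lists run together with " * ".
SPLIT_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# Constructed sample in the page's format (a few entries from this release).
SAMPLE = (
    "* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential "
    "remote code execution attempt (server-other.rules) "
    "* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules) "
    "* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)\n"
    "* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)\n"
    "* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt"
)


def parse_entries(text):
    """Return one dict per rule entry; fragments without a gid:sid are dropped."""
    entries = []
    for chunk in SPLIT_RE.split(text):
        m = ENTRY_RE.match(chunk.strip())
        if m:
            d = m.groupdict()
            d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
            entries.append(d)
    return entries


def state_counts(entries):
    """How much of a release is live by default (None = state not listed)."""
    return dict(Counter(e["state"] for e in entries))


def enablesid_lines(entries, keywords):
    """gid:sid lines for DISABLED rules whose message mentions any keyword,
    i.e. the rules you would opt into for technologies you actually expose."""
    kws = [k.lower() for k in keywords]
    return [
        f"{e['gid']}:{e['sid']}"
        for e in entries
        if e["state"] == "DISABLED" and any(k in e["msg"].lower() for k in kws)
    ]


if __name__ == "__main__":
    rules = parse_entries(SAMPLE)
    print(state_counts(rules))
    print("\n".join(enablesid_lines(rules, ["Git", "Apache"])))
```

Run against a whole release listing, `state_counts` shows how small the enabled-by-default fraction is (here only the malware C2 rules and the gid 3 shared-object rules ship enabled), and the keyword match is deliberately on the message text rather than on the rule group, because one group such as server-webapp.rules mixes products you run with products you do not.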
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 3:59449 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59451 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 3:59448 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt (browser-chrome.rules)
* 3:59450 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt (os-other.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (file-multimedia.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (snort3-server-webapp.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (snort3-protocol-scada.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (snort3-file-other.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (snort3-file-other.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (snort3-server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (snort3-file-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (snort3-malware-other.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (snort3-server-webapp.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (snort3-server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (snort3-server-webapp.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (snort3-malware-cnc.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (snort3-file-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (snort3-malware-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (snort3-server-webapp.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (snort3-server-webapp.rules)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (snort3-server-other.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (snort3-server-webapp.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (snort3-server-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (snort3-server-webapp.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (snort3-server-other.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (snort3-server-webapp.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (snort3-server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (snort3-server-apache.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (snort3-server-other.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (snort3-server-other.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (snort3-malware-cnc.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (snort3-file-other.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (snort3-malware-cnc.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (snort3-server-webapp.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (snort3-file-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (snort3-malware-cnc.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (snort3-server-webapp.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (snort3-server-webapp.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (snort3-file-multimedia.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt (snort3-file-multimedia.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (snort3-os-windows.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (snort3-os-windows.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59418 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59446 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59441 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59429 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59426 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59438 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59445 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection (malware-cnc.rules)
* 1:59420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection (malware-cnc.rules)
* 1:59443 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt (server-webapp.rules)
* 1:59425 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59417 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59427 <-> DISABLED <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt (server-webapp.rules)
* 1:59428 <-> DISABLED <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt (file-other.rules)
* 1:59447 <-> DISABLED <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt (protocol-scada.rules)
* 1:59442 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:59421 <-> ENABLED <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection (malware-cnc.rules)
* 1:59423 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59430 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59431 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt (malware-other.rules)
* 1:59432 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59424 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt (file-other.rules)
* 1:59433 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59434 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59419 <-> DISABLED <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt (server-other.rules)
* 1:59435 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt (server-webapp.rules)
* 1:59422 <-> DISABLED <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt (file-other.rules)
* 1:59436 <-> DISABLED <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt (server-webapp.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:59437 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:59439 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30792 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:30790 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:59416 <-> ENABLED <-> SERVER-WEBAPP Java getRuntime remote code execution attempt (server-webapp.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt (server-webapp.rules)
* 1:30793 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:30791 <-> ENABLED <-> SERVER-WEBAPP Java ClassLoader access attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt * 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt * 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt * 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt * 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt * 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt