Talos has added and modified multiple rules in the file-image, file-office, file-other, file-pdf, indicator-obfuscation, indicator-shellcode, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (snort3-file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (snort3-file-other.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (snort3-file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (snort3-file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (snort3-file-other.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (snort3-server-webapp.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (snort3-server-other.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (snort3-file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (snort3-file-other.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (snort3-file-pdf.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (snort3-server-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (snort3-file-pdf.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (snort3-file-image.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (snort3-file-image.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (snort3-server-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (snort3-file-office.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (snort3-protocol-scada.rules)
* 1:59460 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (snort3-file-other.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (snort3-file-office.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (snort3-file-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (snort3-server-other.rules)
* 1:59461 <-> DISABLED <-> FILE-OTHER GNU Libextractor ZIP file comment out-of-bounds read attempt (snort3-file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (snort3-file-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (snort3-server-webapp.rules)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (snort3-server-other.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (snort3-server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (snort3-file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (snort3-file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (snort3-indicator-obfuscation.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (snort3-file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59476 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59470 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59464 <-> DISABLED <-> SERVER-OTHER Squid Proxy ESI response processing denial of service attempt (server-other.rules)
* 1:59468 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59457 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59478 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59472 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59477 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:59459 <-> DISABLED <-> SERVER-OTHER strongSwan x509 plugin denial of service attempt (server-other.rules)
* 1:59480 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:59467 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantonPDF XFA gotoURL command injection attempt (file-pdf.rules)
* 1:59454 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59466 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59452 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59453 <-> DISABLED <-> FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt (file-other.rules)
* 1:59479 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:59471 <-> DISABLED <-> SERVER-OTHER Qognify Ocularis Event Coordinator insecure deserialization attempt (server-other.rules)
* 1:59455 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:59462 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation RSLinx Classic buffer overflow attempt (protocol-scada.rules)
* 1:59456 <-> DISABLED <-> FILE-OTHER Perl archive tar arbitrary file overwrite attempt (file-other.rules)
* 1:59469 <-> DISABLED <-> FILE-IMAGE JasPer jp2_decode out of bounds read attempt (file-image.rules)
* 1:59458 <-> DISABLED <-> SERVER-OTHER strongSwan gmp plugin denial of service attempt (server-other.rules)
* 1:59465 <-> DISABLED <-> FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt (file-other.rules)
* 1:59463 <-> DISABLED <-> INDICATOR-SHELLCODE Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:59473 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:59481 <-> ENABLED <-> SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (server-webapp.rules)
* 1:46233 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:46234 <-> DISABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt * 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt * 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt * 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt * 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt * 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt * 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt

* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300063 <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt
* 1:59417 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59418 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59419 <-> SERVER-OTHER Git HTTP server submodule potential remote code execution attempt
* 1:59420 <-> MALWARE-CNC Win.Trojan.GraphSteel outbound connection
* 1:59421 <-> MALWARE-CNC Win.Infostealer.MarsStealer outbound connection
* 1:59422 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59423 <-> FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt
* 1:59424 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59425 <-> FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt
* 1:59426 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59427 <-> SERVER-WEBAPP Red Hat JBoss BPM Suite Tasks List cross site scripting attempt
* 1:59428 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59429 <-> FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt
* 1:59430 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59431 <-> MALWARE-OTHER Unix.Malware.B1txor20 download attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59437 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59438 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59439 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:59440 <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt
* 1:59441 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59442 <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59445 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59446 <-> MALWARE-CNC Java.Trojan.Verblecon variant outbound connection
* 1:59447 <-> PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt
* 3:59448 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59449 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2022-1508 attack attempt
* 3:59450 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 3:59451 <-> OS-OTHER TRUFFLEHUNTER TALOS-2022-1497 attack attempt
* 1:30790 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30791 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30792 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30793 <-> SERVER-WEBAPP Java ClassLoader access attempt
* 1:30951 <-> SERVER-WEBAPP Microsoft Sharepoint cross site scripting attempt
* 1:38124 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:38125 <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap overflow attempt
* 1:49964 <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt
* 1:51159 <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt