Talos has added and modified multiple rules in the file-flash, file-pdf, malware-cnc, os-windows, protocol-telnet and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
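The one-line format stated above ("gid:sid <-> Default rule state <-> Message (rule group)") is regular enough to parse mechanically, which is how a detection team normally consumes these release notes: most of the new rules in this release ship DISABLED by default, so nothing fires for the PostgreSQL, Kerberos, Unbound, Quagga or VNC coverage unless an operator turns those SIDs on. The following parser is an added example, not Talos code and not part of the release note. It splits the listing on the "*" bullets (so a listing whose entries were run together on one line, as in the extracted text here, parses the same as a one-per-line one), records whether each entry is a GID 1 text rule or a GID 3 shared-object rule, counts default states, and emits the DISABLED SIDs whose message mentions a product you run as a one-gid:sid-per-line list of the kind PulledPork's enablesid.conf accepts. The sample listing embedded in the code is a constructed subset of the entries on this page; feeding it to your own rule-management tooling is an assumption.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the entries from the listing on this
# page, one per line, in the page's "gid:sid <-> state <-> message (group)" form.
SAMPLE_LISTING = """\
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
"""

# One entry: "gid:sid <-> STATE <-> CATEGORY message text (file.rules)".
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>\S.*?)\s*\((?P<group>[^()\s]+\.rules)\)$"
)


def split_entries(text):
    """Split the listing into entry strings on the '*' bullets.

    Splitting on the bullet rather than on newlines means a listing whose
    bullets were run together on one line parses the same as a one-per-line one.
    """
    parts = re.split(r"(?:^|\s)\*\s+", text)
    return [p.strip() for p in parts if p.strip()]


def parse_listing(text):
    """Return one dict per entry.

    A malformed entry raises instead of being dropped, so a format change in
    the feed is noticed rather than silently shrinking the rule set.
    """
    records = []
    for entry in split_entries(text):
        m = ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"unrecognised entry: {entry!r}")
        gid, sid = int(m["gid"]), int(m["sid"])
        msg = m["msg"]
        records.append({
            "gid": gid,
            "sid": sid,
            "id": f"{gid}:{sid}",
            "state": m["state"],
            "category": msg.split(" ", 1)[0],   # e.g. SERVER-OTHER
            "msg": msg,
            "group": m["group"],
            # GID 3 is Snort's generator ID for shared-object (SO) rules; the
            # Snort 3 (version 3000) listing on this page carries only GID 1.
            "so_rule": gid == 3,
        })
    return records


def state_counts(records):
    """How many entries ship ENABLED vs DISABLED by default."""
    return Counter(r["state"] for r in records)


def disabled_matching(records, keywords):
    """IDs of DISABLED-by-default rules whose message mentions any keyword.

    These are the rules an operator running the named product should review
    and consider enabling, since the default policy will not fire them.
    """
    wanted = [k.lower() for k in keywords]
    return [
        r["id"] for r in records
        if r["state"] == "DISABLED"
        and any(k in r["msg"].lower() for k in wanted)
    ]


def enablesid_lines(records, keywords):
    """One 'gid:sid' per line, the form PulledPork's enablesid.conf accepts.
    Assumption: the caller hands this to their own rule-management tooling."""
    return "\n".join(disabled_matching(records, keywords)) + "\n"


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    print(dict(state_counts(recs)))
    print(enablesid_lines(recs, ["PostgreSQL", "Kerberos"]), end="")
```

Run against the full listing for a release, the DISABLED count is the number to pay attention to: a release can add twenty rules and change nothing on a sensor whose policy never enables them.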
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (server-other.rules)
* 3:59643 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 3:59644 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59645 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt (file-pdf.rules)
* 3:59638 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59637 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt (os-windows.rules)
* 3:59642 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt (os-windows.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (snort3-malware-cnc.rules)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (snort3-file-flash.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (snort3-server-other.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (snort3-malware-cnc.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (snort3-malware-cnc.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (snort3-malware-cnc.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (snort3-server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (snort3-protocol-telnet.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (snort3-file-flash.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (snort3-server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (snort3-server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (snort3-server-other.rules)
* 1:59635 <-> DISABLED <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt (snort3-server-other.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (snort3-server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (snort3-server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (snort3-server-other.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (snort3-server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (snort3-server-other.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59633 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59640 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59627 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59641 <-> DISABLED <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt (server-other.rules)
* 1:59626 <-> DISABLED <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt (server-other.rules)
* 1:59630 <-> DISABLED <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt (protocol-telnet.rules)
* 1:59622 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59634 <-> DISABLED <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt (server-other.rules)
* 1:59628 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt (server-other.rules)
* 1:59624 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:59632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:59625 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX download attempt (malware-cnc.rules)
* 1:59636 <-> DISABLED <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt (server-other.rules)
* 1:59629 <-> DISABLED <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt (server-other.rules)
* 1:59639 <-> DISABLED <-> SERVER-OTHER Samba AD DC dns denial of service attempt (server-other.rules)
* 1:59631 <-> DISABLED <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt (server-other.rules)
* 1:59623 <-> ENABLED <-> MALWARE-CNC Win.Downloader.PlugX outbound connection (malware-cnc.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300073 <-> FILE-OFFICE Microsoft Office XPS file parsing remote code execution attempt
* 1:59622 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59623 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59624 <-> MALWARE-CNC Win.Downloader.PlugX outbound connection
* 1:59625 <-> MALWARE-CNC Win.Downloader.PlugX download attempt
* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59627 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt
* 1:59628 <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback remote code execution attempt
* 1:59629 <-> SERVER-OTHER TurboVNC fence message stack based buffer overflow attempt
* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt
* 1:59631 <-> SERVER-OTHER LibVNC LibVNCClient heap buffer overflow attempt
* 1:59632 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59633 <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt
* 1:59634 <-> SERVER-OTHER Quagga BGP daemon BGP UPDATE message out-of-bounds read attempt
* 1:59635 <-> SERVER-OTHER NLNet Labs Unbound NOTIFY denial of service attempt
* 1:59636 <-> SERVER-OTHER PostgreSQL database geo_ops path_in integer overflow attempt
* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 3:59638 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt
* 1:59639 <-> SERVER-OTHER Samba AD DC dns denial of service attempt
* 1:59640 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 1:59641 <-> SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt
* 3:59642 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59643 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1515 attack attempt
* 3:59644 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 3:59645 <-> FILE-PDF TRUFFLEHUNTER TALOS-2022-1516 attack attempt
* 1:52450 <-> SERVER-OTHER Multiple products HTTP Host header buffer overflow attempt
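As an added example (not part of the Talos announcement and not Talos' own tooling), the script below parses entries in the "gid:sid <-> Message" format used by the lists above, even when a copy of the list has been run together onto one line, and checks each entry against a local Snort rules file to report whether the rule is enabled, present but disabled, or missing. The rule-file lines it uses are constructed samples with placeholder rule bodies; they follow Snort's conventions that a rule line beginning with "#" ships disabled, that gid defaults to 1 when no gid option is present, and that a shared-object rule stub (gid 3) carries an explicit gid:3 option.

```python
from __future__ import annotations

import re
from typing import Dict, Iterable, List, NamedTuple, Tuple

# One entry of an update list: "* gid:sid <-> Message". Entries are split on the
# leading "*" bullet so a list flattened onto a single line still parses.
ENTRY_RE = re.compile(r"^(\d+):(\d+)\s*<->\s*(.+?)\s*$", re.DOTALL)

# Snort rule options we need: "sid:NNN;" (required) and "gid:N;" (optional, default 1).
RULE_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
RULE_ACTION_RE = re.compile(r"^(alert|drop|block|log|pass|reject|sdrop)\b")


class Entry(NamedTuple):
    gid: int
    sid: int
    msg: str


def parse_update_list(text: str) -> List[Entry]:
    """Parse every 'gid:sid <-> Message' entry in an announcement list."""
    entries: List[Entry] = []
    for chunk in re.split(r"\s*\*\s*", text):
        m = ENTRY_RE.match(chunk.strip())
        if m:
            entries.append(Entry(int(m.group(1)), int(m.group(2)), m.group(3)))
    return entries


def index_rules_file(lines: Iterable[str]) -> Dict[Tuple[int, int], bool]:
    """Map (gid, sid) -> enabled for each rule line in a .rules file.

    A rule whose line starts with '#' is present but disabled (Snort's convention
    for rules that ship off by default); gid defaults to 1 when absent.
    """
    index: Dict[Tuple[int, int], bool] = {}
    for line in lines:
        stripped = line.strip()
        if not stripped:
            continue
        enabled = not stripped.startswith("#")
        body = stripped.lstrip("# ")
        # Skip comments and anything that does not start like a rule.
        if not RULE_ACTION_RE.match(body):
            continue
        sid_match = RULE_SID_RE.search(body)
        if not sid_match:
            continue
        gid_match = RULE_GID_RE.search(body)
        gid = int(gid_match.group(1)) if gid_match else 1
        index[(gid, int(sid_match.group(1)))] = enabled
    return index


def check_coverage(entries: Iterable[Entry],
                   index: Dict[Tuple[int, int], bool]) -> Dict[Tuple[int, int], str]:
    """Return (gid, sid) -> 'enabled' | 'disabled' | 'missing' for each entry."""
    result: Dict[Tuple[int, int], str] = {}
    for e in entries:
        state = index.get((e.gid, e.sid))
        if state is None:
            result[(e.gid, e.sid)] = "missing"
        else:
            result[(e.gid, e.sid)] = "enabled" if state else "disabled"
    return result


# Constructed sample: three entries from the announcement, flattened onto one line.
SAMPLE_UPDATE = (
    "* 1:59626 <-> SERVER-OTHER PostgreSQL database SET ROLE security bypass attempt "
    "* 1:59630 <-> PROTOCOL-TELNET CHIYU IoT device authentication bypass attempt "
    "* 3:59637 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2022-1514 attack attempt"
)

# Constructed sample rule-file lines; the rule bodies are placeholders, not Talos' rules.
SAMPLE_RULES = [
    '# alert tcp $EXTERNAL_NET any -> $HOME_NET 5432 (msg:"SERVER-OTHER PostgreSQL database '
    'SET ROLE security bypass attempt"; flow:to_server,established; content:"placeholder"; '
    'sid:59626; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"PROTOCOL-TELNET CHIYU IoT device '
    'authentication bypass attempt"; flow:to_server,established; content:"placeholder"; '
    'sid:59630; rev:1;)',
]


if __name__ == "__main__":
    coverage = check_coverage(parse_update_list(SAMPLE_UPDATE), index_rules_file(SAMPLE_RULES))
    for (gid, sid), state in sorted(coverage.items()):
        print(f"{gid}:{sid} {state}")
```

Run against a real deployment, point `index_rules_file` at the concatenated .rules files Snort actually loads (including the SO rule stubs), since a gid 3 entry will always show as "missing" if only the text rules are indexed.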