Talos has added and modified multiple rules in the file-image, file-multimedia, file-other, file-pdf, malware-other, policy-other, protocol-imap, protocol-scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules)
* 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules)
* 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules)
* 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
* 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules)
* 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules)
* 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules)
* 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules)
* 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules)
* 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules)
* 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:300166 <-> ENABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (snort3-protocol-scada.rules) * 1:300171 <-> ENABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (snort3-policy-other.rules) * 1:300173 <-> ENABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (snort3-server-other.rules) * 1:300163 <-> ENABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (snort3-protocol-imap.rules) * 1:300172 <-> ENABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (snort3-server-webapp.rules) * 1:300177 <-> ENABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (snort3-server-other.rules) * 1:300175 <-> ENABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (snort3-server-other.rules) * 1:300174 <-> ENABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (snort3-server-other.rules) * 1:300169 <-> ENABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (snort3-server-other.rules) * 1:300176 <-> ENABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (snort3-server-other.rules)
* 1:59486 <-> ENABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (snort3-server-apache.rules) * 1:59548 <-> ENABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (snort3-file-image.rules) * 1:43677 <-> ENABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (snort3-file-pdf.rules) * 1:43676 <-> ENABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (snort3-file-pdf.rules) * 1:59549 <-> ENABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (snort3-file-image.rules) * 1:59615 <-> ENABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59787 <-> DISABLED <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt (protocol-scada.rules) * 1:59792 <-> DISABLED <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service (server-other.rules) * 1:59788 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59796 <-> DISABLED <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt (server-webapp.rules) * 1:59789 <-> DISABLED <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt (file-other.rules) * 1:59800 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59782 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules) * 1:59795 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Management administrative login attempt (policy-other.rules) * 1:59785 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59797 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59786 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt (file-multimedia.rules) * 1:59798 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59799 <-> DISABLED <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt (server-other.rules) * 1:59784 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules) * 1:59801 <-> DISABLED <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt (server-other.rules) * 1:59790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59783 <-> DISABLED <-> FILE-PDF Adobe Acrobat DC memory corruption attempt (file-pdf.rules)
* 1:59548 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59615 <-> DISABLED <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt (server-other.rules) * 1:59183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:59182 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt (malware-other.rules) * 1:59549 <-> DISABLED <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt (file-image.rules) * 1:59486 <-> DISABLED <-> SERVER-APACHE Spark RPC authentication bypass attempt (server-apache.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300163 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt * 1:300164 <-> FILE-PDF Adobe Acrobat DC memory corruption attempt * 1:300165 <-> FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt * 1:300166 <-> PROTOCOL-SCADA VIPA Automation WinPLC7 buffer overflow attempt * 1:300167 <-> FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt * 1:300168 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300169 <-> SERVER-OTHER ISC BIND lightweight resolver protocol denial of service * 1:300170 <-> MALWARE-OTHER Win.Trojan.WhisperGate download attempt * 1:300171 <-> POLICY-OTHER IBM Data Risk Management administrative login attempt * 1:300172 <-> SERVER-WEBAPP Nostromo nhttpd http_header_comp buffer overflow attempt * 1:300173 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300174 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300175 <-> SERVER-OTHER NetGain Enterprise Manager arbitrary RMI registry insecure deserialization attempt * 1:300176 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 1:300177 <-> SERVER-OTHER Bind9 server response self-signed certificate denial of service attempt * 3:59646 <-> SERVER-OTHER OpenSSL X509_cmp_time out of bounds read attempt
* 1:300076 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300077 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:300078 <-> SERVER-OTHER EMC Data Protection Advisor default credential attempt * 1:43676 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:43677 <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt * 1:59486 <-> SERVER-APACHE Spark RPC authentication bypass attempt * 1:59548 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59549 <-> FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt * 1:59615 <-> SERVER-OTHER Kerberos cross-realm referrals KDC NULL pointer dereference attempt
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
