Talos Rules 2022-05-24
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image, file-multimedia, file-other, malware-cnc, os-linux, os-windows, policy-other, protocol-dns, server-mail, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)

Modified Rules:


 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

New Rules:


 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)

Modified Rules:

 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

New Rules:


 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)

Modified Rules:


 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

New Rules:


 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)

Modified Rules:


 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

New Rules:


 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)

Modified Rules:


 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)

Modified Rules:


 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)

Modified Rules:


 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)
 * 1:59864 <-> DISABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (os-windows.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)

Modified Rules:


 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)
 * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59852 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (snort3-server-oracle.rules)
 * 1:59835 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
 * 1:59843 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (snort3-policy-other.rules)
 * 1:59825 <-> ENABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (snort3-server-other.rules)
 * 1:59834 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
 * 1:59830 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
 * 1:59846 <-> ENABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (snort3-server-other.rules)
 * 1:59864 <-> ENABLED <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt (snort3-os-windows.rules)
 * 1:59838 <-> ENABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (snort3-policy-other.rules)
 * 1:59828 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
 * 1:59849 <-> ENABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (snort3-os-linux.rules)
 * 1:59868 <-> ENABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (snort3-os-windows.rules)
 * 1:59865 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (snort3-server-oracle.rules)
 * 1:59866 <-> ENABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (snort3-server-other.rules)
 * 1:59837 <-> ENABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:59831 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
 * 1:59836 <-> ENABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:59829 <-> ENABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (snort3-file-image.rules)
 * 1:59867 <-> ENABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (snort3-server-other.rules)
 * 1:59839 <-> ENABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (snort3-policy-other.rules)
 * 1:59832 <-> ENABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (snort3-server-other.rules)
 * 1:59842 <-> ENABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (snort3-server-other.rules)
 * 1:59859 <-> ENABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (snort3-protocol-dns.rules)
 * 1:59844 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (snort3-policy-other.rules)
 * 1:59833 <-> ENABLED <-> SERVER-MAIL Dovecot denial of service attempt (snort3-server-mail.rules)
 * 1:59854 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (snort3-os-windows.rules)
 * 1:59845 <-> ENABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (snort3-policy-other.rules)
 * 1:59853 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:58681 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58682 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:59509 <-> ENABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (snort3-file-other.rules)
 * 1:58680 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:47277 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47276 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
 * 1:41209 <-> ENABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (snort3-server-other.rules)
 * 1:59510 <-> ENABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (snort3-file-other.rules)
 * 1:58679 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:7707 <-> ENABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (snort3-malware-cnc.rules)
 * 1:41206 <-> ENABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (snort3-server-other.rules)

2022-05-24 21:19:42 UTC

Snort Subscriber Rules Update

Date: 2022-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59860 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59835 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59863 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59844 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59842 <-> DISABLED <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt (server-other.rules)
 * 1:59867 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59840 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59849 <-> DISABLED <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt (os-linux.rules)
 * 1:59847 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59858 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59850 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59852 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt (server-oracle.rules)
 * 1:59854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt (os-windows.rules)
 * 1:59861 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:59843 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected (policy-other.rules)
 * 1:59851 <-> DISABLED <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59836 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59856 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59826 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59846 <-> DISABLED <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt (server-other.rules)
 * 1:59865 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
 * 1:59837 <-> DISABLED <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt (server-webapp.rules)
 * 1:59857 <-> DISABLED <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt (file-other.rules)
 * 1:59841 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:59839 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59827 <-> DISABLED <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt (file-other.rules)
 * 1:59828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59838 <-> DISABLED <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt (policy-other.rules)
 * 1:59829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59848 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt (file-other.rules)
 * 1:59830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt (file-image.rules)
 * 1:59832 <-> DISABLED <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt (server-other.rules)
 * 1:59862 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:59833 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59834 <-> DISABLED <-> SERVER-MAIL Dovecot denial of service attempt (server-mail.rules)
 * 1:59825 <-> DISABLED <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt (server-other.rules)
 * 1:59866 <-> DISABLED <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt (server-other.rules)
 * 1:59845 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected (policy-other.rules)
 * 1:59859 <-> DISABLED <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt (protocol-dns.rules)
 * 1:59855 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt (file-other.rules)
 * 1:59868 <-> DISABLED <-> OS-WINDOWS DHCP failover relationship name denial of service attempt (os-windows.rules)

Modified Rules:


 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup (malware-cnc.rules)
 * 1:58681 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59510 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:58679 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58680 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58682 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:59509 <-> DISABLED <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)

2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:17 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup


2022-05-24 21:23:18 UTC

Snort Subscriber Rules Update

Date: 2022-05-24-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300180 <-> FILE-OTHER Adobe Acrobat malicious joboptions file download attempt
* 1:300181 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:300182 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt
* 1:300183 <-> FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt
* 1:300184 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt
* 1:300185 <-> FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt
* 1:300186 <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt
* 1:300187 <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt
* 1:59825 <-> SERVER-OTHER OpenVPN read_key buffer overflow attempt
* 1:59828 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59829 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59830 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59831 <-> FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt
* 1:59832 <-> SERVER-OTHER WatchGuard Firebox and XTM remote code execution attempt
* 1:59833 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59834 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59835 <-> SERVER-MAIL Dovecot denial of service attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59838 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59839 <-> POLICY-OTHER WordPress Plugin WPGraphQL potential denial of service attempt
* 1:59842 <-> SERVER-OTHER ISC BIND rndc control channel denial of service attempt
* 1:59843 <-> POLICY-OTHER Microsoft Exchange Export-ExchangeCertificate SOAP API call detected
* 1:59844 <-> POLICY-OTHER Microsoft Exchange New-ExchangeCertificate SOAP API call detected
* 1:59845 <-> POLICY-OTHER Microsoft Exchange Import-TransportRuleCollection SOAP request detected
* 1:59846 <-> SERVER-OTHER HP LoadRunner mxdr_string heap buffer overflow attempt
* 1:59849 <-> OS-LINUX Linux Kernel ipv4_pktinfo_prepare denial of service attempt
* 1:59852 <-> SERVER-ORACLE Oracle WebLogic Server IIOP JNDI injection attempt
* 1:59853 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59854 <-> OS-WINDOWS Microsoft Windows LNK file remote code execution attempt
* 1:59859 <-> PROTOCOL-DNS PHP dns_get_record out of bounds read attempt
* 1:59864 <-> OS-WINDOWS DHCP failover invalid length remote code execution attempt
* 1:59865 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:59866 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59867 <-> SERVER-OTHER Debian Redis Lua sandbox escape attempt
* 1:59868 <-> OS-WINDOWS DHCP failover relationship name denial of service attempt

Modified Rules:

* 1:41206 <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt
* 1:41209 <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt
* 3:44498 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44499 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 3:44500 <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt
* 1:47201 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47202 <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt
* 1:47276 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:47277 <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt
* 1:51028 <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:59509 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:59510 <-> FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt
* 1:7707 <-> MALWARE-CNC omniquad instant remote control runtime detection - file transfer setup