Talos Rules 2022-07-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2022-22034: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60206 through 60207, Snort3: GID 1, SID 300215.

Microsoft Vulnerability CVE-2022-22047: A coding deficiency exists in Microsoft Windows CSRSS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60213 through 60214, Snort3: GID 1, SID 300216.

Microsoft Vulnerability CVE-2022-30202: A coding deficiency exists in Microsoft Windows Advanced Local Procedure Call that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60198 through 60199, Snort3: GID 1, SIDs 60198 through 60199.

Microsoft Vulnerability CVE-2022-30216: A coding deficiency exists in Microsoft Windows Server Service that may lead to tampering.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60201 through 60202, Snort3: GID 1, SIDs 60201 through 60202.

Microsoft Vulnerability CVE-2022-30220: A coding deficiency exists in Microsoft Windows Common Log File System driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60191 through 60192, Snort3: GID 1, SIDs 60191 through 60192.

Talos has also added and modified multiple rules in the browser-chrome, file-image, file-other, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
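The line format above is regular enough to parse mechanically, which is how an operator would cross-check a release against the advisory: confirm that every SID the advisory names actually ships in the rule pack, and flag the ones that ship DISABLED in the default policy (as the OS-WINDOWS rules for the Microsoft CVEs above do) so they can be enabled deliberately. The following is an added example written for this page, not Talos or Snort code. The sample lines are copied from the "New Rules" listing below, the `expected` mapping is taken from the CVE-to-SID statements at the top of the page, and the function and class names are the author's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the New Rules listing on
# this page, plus the surrounding section headers, so the parser runs offline.
SAMPLE_CHANGELOG = """\
New Rules:


 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)

Modified Rules:

"""

# One changelog entry:  " * gid:sid <-> STATE <-> Message (rule-group.rules)"
RULE_LINE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool      # True when the default rule state is ENABLED
    message: str
    group: str         # e.g. "os-windows.rules"
    section: str       # "New Rules" or "Modified Rules"


def parse_changelog(text):
    """Parse a Snort Subscriber Rules changelog into RuleEntry records.

    Header prose, blank lines and anything that does not match the
    gid:sid <-> state <-> message (group) layout is skipped.
    """
    entries = []
    section = ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Rules:"):          # "New Rules:" / "Modified Rules:"
            section = stripped[:-1]
            continue
        match = RULE_LINE.match(line)
        if match is None:
            continue
        entries.append(RuleEntry(
            gid=int(match["gid"]),
            sid=int(match["sid"]),
            enabled=match["state"] == "ENABLED",
            message=match["msg"],
            group=match["group"],
            section=section,
        ))
    return entries


def check_coverage(entries, expected):
    """Compare advisory claims against the parsed release.

    expected maps a label (here a CVE id) to the (gid, sid) pairs the
    advisory says cover it. For each label, report the pairs that are absent
    from the release and the pairs present but DISABLED by default, which a
    deployment has to enable explicitly before they provide any coverage.
    """
    index = {(e.gid, e.sid): e for e in entries}
    report = {}
    for label, ids in expected.items():
        report[label] = {
            "missing": [i for i in ids if i not in index],
            "disabled_by_default": [i for i in ids if i in index and not index[i].enabled],
        }
    return report


if __name__ == "__main__":
    # Mapping taken from the advisory text above; CVE-2022-22047's SIDs are
    # deliberately left out of the sample to show the "missing" branch.
    expected = {
        "CVE-2022-22034": [(1, 60206), (1, 60207)],
        "CVE-2022-22047": [(1, 60213), (1, 60214)],
    }
    for label, result in check_coverage(parse_changelog(SAMPLE_CHANGELOG), expected).items():
        print(label, result)
```

Run against the full changelog text, `check_coverage` gives a quick answer to the two questions that matter after importing a release: is every advertised SID present, and which of them need a policy change before they fire.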

New Rules:


 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 3:60204 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60205 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt (server-webapp.rules)
 * 3:60208 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt (server-webapp.rules)
 * 3:60209 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60210 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt (server-webapp.rules)
 * 3:60212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt (policy-other.rules)
 * 3:60215 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60216 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt (policy-other.rules)
 * 3:60217 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt (server-webapp.rules)
 * 3:60218 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt (server-webapp.rules)
 * 3:60219 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt (server-webapp.rules)
 * 3:60224 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt (server-webapp.rules)
 * 3:60225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt (file-image.rules)
 * 3:60228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)
 * 3:60229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt (file-image.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (snort3-malware-cnc.rules)
 * 1:60221 <-> ENABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (snort3-browser-chrome.rules)
 * 1:60191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (snort3-os-windows.rules)
 * 1:60194 <-> ENABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (snort3-server-webapp.rules)
 * 1:60223 <-> ENABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (snort3-browser-chrome.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (snort3-malware-cnc.rules)
 * 1:60197 <-> ENABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (snort3-server-webapp.rules)
 * 1:60193 <-> ENABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (snort3-server-webapp.rules)
 * 1:60184 <-> ENABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (snort3-server-webapp.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (snort3-malware-cnc.rules)
 * 1:60200 <-> ENABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (snort3-server-other.rules)
 * 1:60199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (snort3-os-windows.rules)
 * 1:60196 <-> ENABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (snort3-server-webapp.rules)
 * 1:60222 <-> ENABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (snort3-browser-chrome.rules)
 * 1:60195 <-> ENABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (snort3-server-webapp.rules)
 * 1:60201 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (snort3-os-windows.rules)
 * 1:60203 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (snort3-os-windows.rules)
 * 1:60220 <-> ENABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (snort3-browser-chrome.rules)
 * 1:60192 <-> ENABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (snort3-os-windows.rules)
 * 1:60198 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (snort3-os-windows.rules)
 * 1:60202 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (snort3-os-windows.rules)

Modified Rules:



2022-07-12 17:23:53 UTC

Snort Subscriber Rules Update

Date: 2022-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60187 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60227 <-> DISABLED <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt (server-webapp.rules)
 * 1:60199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt (os-windows.rules)
 * 1:60213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60200 <-> DISABLED <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt (server-other.rules)
 * 1:60195 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60197 <-> DISABLED <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt (server-webapp.rules)
 * 1:60202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt (os-windows.rules)
 * 1:60189 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60220 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60221 <-> DISABLED <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt (browser-chrome.rules)
 * 1:60190 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60196 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60193 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected (os-windows.rules)
 * 1:60194 <-> DISABLED <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt (server-webapp.rules)
 * 1:60207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:60186 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60188 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt (os-windows.rules)
 * 1:60181 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60185 <-> DISABLED <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt (file-other.rules)
 * 1:60182 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt (os-windows.rules)
 * 1:60183 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt (malware-cnc.rules)
 * 1:60222 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)
 * 1:60184 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt (server-webapp.rules)
 * 1:60223 <-> DISABLED <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt (browser-chrome.rules)

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:



2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules:


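The changelog format stated above (gid:sid <-> Message, one rule per line under a "New Rules:" or "Modified Rules:" heading) is regular enough to parse mechanically, which helps when reconciling a release's rule list against the SID ranges an advisory quotes. The following is an added example, not code from Talos or from this page: it parses a constructed excerpt in the same format, tallies rules per GID (GID 1 text rules versus GID 3 shared-object rules), and reports which SIDs from a "SIDs X through Y" style specification are present or absent. The sample excerpt and the SID ranges passed to check_coverage are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format documented in the changelog: "* gid:sid <-> CATEGORY rest of message"
RULE_LINE = re.compile(r"^\*\s+(\d+):(\d+)\s+<->\s+(\S+)\s+(.*)$")

# Constructed excerpt in the changelog's own format (a subset of entries, for illustration).
SAMPLE_CHANGELOG = """\
New Rules:

* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt

Modified Rules:

"""


def parse_changelog(text):
    """Return {section: [(gid, sid, category, msg), ...]} keyed by 'New Rules' / 'Modified Rules'.

    A heading with no entries under it produces no key, so an empty
    'Modified Rules:' section is simply absent from the result.
    """
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Rules:"):
            current = line[:-1]  # strip the trailing colon
            continue
        m = RULE_LINE.match(line)
        if m and current is not None:
            gid, sid, category, msg = m.groups()
            sections[current].append((int(gid), int(sid), category, msg))
    return dict(sections)


def expand_sid_ranges(spec):
    """'60191-60192,60198' -> {60191, 60192, 60198}; ranges are inclusive, like 'SIDs X through Y'."""
    sids = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            sids.update(range(lo, hi + 1))
        else:
            sids.add(int(part))
    return sids


def check_coverage(parsed, expected_spec, gid=1):
    """Compare the SIDs an advisory claims for one GID against what the changelog lists."""
    present = {sid for entries in parsed.values() for (g, sid, _, _) in entries if g == gid}
    expected = expand_sid_ranges(expected_spec)
    return {"found": sorted(expected & present), "missing": sorted(expected - present)}


def summarize_by_gid(parsed):
    """Count rules per GID. GID 3 entries are shared-object rules: their detection logic
    lives in a compiled module, so the message text is all the changelog shows for them."""
    counts = defaultdict(int)
    for entries in parsed.values():
        for (g, _, _, _) in entries:
            counts[g] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    print("rules per GID:", summarize_by_gid(parsed))
    # Constructed SID specification; 60206-60207 are deliberately absent from the sample.
    print("coverage check:", check_coverage(parsed, "60191-60192,60206-60207"))
```

A SID quoted for Snort 2 is not guaranteed to appear in a Snort 3 changelog, since Snort 3 coverage for the same issue may be a single 3000xx SID instead; a "missing" result is therefore a prompt to check the other engine's list before treating it as a coverage gap.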

2022-07-12 17:25:57 UTC

Snort Subscriber Rules Update

Date: 2022-07-11-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300212 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300213 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300214 <-> FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt
* 1:300215 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300216 <-> OS-WINDOWS Microsoft Windows CSRS subsytem elevation of privilege attempt
* 1:60181 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60182 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60183 <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60191 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60192 <-> OS-WINDOWS Microsoft Windows storage elevation of privilege attempt
* 1:60193 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60194 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60195 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60196 <-> SERVER-WEBAPP Tenda Router SetIPv6Status command injection attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60198 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60199 <-> OS-WINDOWS Microsoft Windows Advanced Local Procedure Call elevation of privilege attempt
* 1:60200 <-> SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt
* 1:60201 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60202 <-> OS-WINDOWS Microsoft Windows Server Service tampering attempt
* 1:60203 <-> OS-WINDOWS Microsoft Windows SRVSVC bind detected
* 3:60204 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60205 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1549 attack attempt
* 3:60208 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1550 attack attempt
* 3:60209 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60210 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60211 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1571 attack attempt
* 3:60212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1552 attack attempt
* 3:60215 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60216 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2022-1553 attack attempt
* 3:60217 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1554 attack attempt
* 3:60218 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1564 attack attempt
* 3:60219 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1530 attack attempt
* 1:60220 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60221 <-> BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt
* 1:60222 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 1:60223 <-> BROWSER-CHROME V8 WebAssembly remote code execution attempt
* 3:60224 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2022-1565 attack attempt
* 3:60225 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 3:60226 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1544 attack attempt
* 1:60227 <-> SERVER-WEBAPP Apache httpd mod_lua req_parsebody denial of service attempt
* 3:60228 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt
* 3:60229 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2022-1526 attack attempt

Modified Rules: