Talos has added and modified multiple rules in the file-office, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 3:61092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61090 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules)
* 3:61080 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61089 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61091 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt (file-office.rules)
* 3:61087 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:61093 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt (protocol-scada.rules)
* 3:61077 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt (server-webapp.rules)
* 3:61078 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt (server-webapp.rules)
* 3:61079 <-> ENABLED <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt (server-webapp.rules)
* 3:61088 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61082 <-> ENABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (snort3-server-webapp.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (snort3-malware-cnc.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (snort3-malware-cnc.rules)
* 1:61081 <-> ENABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (snort3-server-webapp.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61082 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)
* 1:61083 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell outbound connection (malware-cnc.rules)
* 1:61076 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61084 <-> ENABLED <-> MALWARE-CNC Php.Webshell.IronShell inbound connection (malware-cnc.rules)
* 1:61085 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file upload (malware-other.rules)
* 1:61075 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt (malware-other.rules)
* 1:61081 <-> DISABLED <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt (server-webapp.rules)

* 1:60793 <-> ENABLED <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt (server-webapp.rules)
* 1:60256 <-> DISABLED <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300364 <-> MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt
* 3:61077 <-> SERVER-WEBAPP Cisco IP Phone web interface authentication bypass attempt
* 3:61078 <-> SERVER-WEBAPP Cisco Industrial Network Director cross site scripting attempt
* 3:61079 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 3:61080 <-> SERVER-WEBAPP Cisco BroadWorks Application Delivery Platform denial of service attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61083 <-> MALWARE-CNC Php.Webshell.IronShell outbound connection
* 1:61084 <-> MALWARE-CNC Php.Webshell.IronShell inbound connection
* 3:61086 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61087 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61088 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61089 <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt
* 3:61090 <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt
* 3:61091 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61092 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1684 attack attempt
* 3:61093 <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2022-1674 attack attempt

* 1:24727 <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt