Talos Rules 2023-02-14
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2023-21529: A coding deficiency exists in Microsoft Exchange Server that may lead to remote code execution.

A previously released rule will detect attacks targeting this vulnerability and has been updated with the appropriate reference information. It is included in this release and is identified with: Snort2: GID 1, SID 57907, Snort3: GID 1, SID 57907.

Microsoft Vulnerability CVE-2023-21688: A coding deficiency exists in NT OS Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort2: GID 1, SIDs 61312 through 61313, Snort3: GID 1, SID 300416.

Microsoft Vulnerability CVE-2023-21689: A coding deficiency exists in Microsoft Protected Extensible Authentication Protocol (PEAP) that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort3: GID 1, SID 300438.

Microsoft Vulnerability CVE-2023-21690: A coding deficiency exists in Microsoft Protected Extensible Authentication Protocol (PEAP) that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort3: GID 1, SIDs 300438 through 300439.

Microsoft Vulnerability CVE-2023-21706: A coding deficiency exists in Microsoft Exchange Server that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort2: GID 1, SID 61359, Snort3: GID 1, SID 61359.

Microsoft Vulnerability CVE-2023-21819: A coding deficiency exists in Microsoft Windows Secure Channel that may lead to a Denial of Service (DoS).

A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort2: GID 1, SID 61357, Snort3: GID 1, SID 61357.

Microsoft Vulnerability CVE-2023-21823: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort2: GID 1, SIDs 61314 through 61315, Snort3: GID 1, SID 300417.

Microsoft Vulnerability CVE-2023-23376: A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort2: GID 1, SIDs 61320 through 61321, Snort3: GID 1, SID 300420.

Talos also has added and modified multiple rules in the file-other, indicator-compromise, malware-tools, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
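As an added example (not Talos tooling), the Python below parses change-log lines in the format just described and checks the SID ranges claimed in the summary above against them, flagging rules that ship DISABLED by default and therefore give no coverage until an operator enables them. The sample lines and the CVE-to-SID mapping are copied from this page; the function and variable names are my own.

```python
"""Parse Talos change-log lines of the form
    gid:sid <-> Default rule state <-> Message (rule group)
and verify the release's coverage claims against what is actually listed."""
import re
from dataclasses import dataclass

# One regex for the documented line format; leading " * " and spacing are tolerated.
LINE_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)"
    r"\s*<->\s*(?P<msg>.*?)\s*\((?P<group>[\w-]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str


# Constructed sample: a handful of lines copied from this release's change log,
# plus header lines that a parser must skip.
SAMPLE_CHANGELOG = """\
New Rules:

 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)

Modified Rules:

 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
"""

# Snort2 coverage claims from the summary section of this release: CVE -> (gid, first_sid, last_sid).
CVE_CLAIMS = {
    "CVE-2023-21529": (1, 57907, 57907),
    "CVE-2023-21688": (1, 61312, 61313),
    "CVE-2023-21706": (1, 61359, 61359),
    "CVE-2023-21819": (1, 61357, 61357),
    "CVE-2023-23376": (1, 61320, 61321),
}


def parse_changelog(text):
    """Return {(gid, sid): Rule} for every well-formed rule line; other lines are ignored."""
    rules = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, the format description itself
        rule = Rule(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                    m["msg"], m["group"])
        rules[(rule.gid, rule.sid)] = rule
    return rules


def check_coverage(rules, gid, first_sid, last_sid=None):
    """Return (missing, disabled): SIDs in the claimed range that are absent from the
    change log, and SIDs present but DISABLED by default."""
    last_sid = first_sid if last_sid is None else last_sid
    missing, disabled = [], []
    for sid in range(first_sid, last_sid + 1):
        rule = rules.get((gid, sid))
        if rule is None:
            missing.append(sid)
        elif not rule.enabled:
            disabled.append(sid)
    return missing, disabled


def coverage_report(rules, claims):
    """Map each CVE to its (missing, disabled) result so gaps can be triaged per vulnerability."""
    return {cve: check_coverage(rules, gid, lo, hi) for cve, (gid, lo, hi) in claims.items()}


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    for cve, (missing, disabled) in coverage_report(parsed, CVE_CLAIMS).items():
        status = "ok" if not missing and not disabled else f"missing={missing} disabled={disabled}"
        print(f"{cve}: {status}")
```

Any CVE reported with non-empty `disabled` is covered only on paper until those SIDs are enabled in the deployed policy.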

New Rules:


 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)
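The one-line format description above (gid:sid, default rule state, message, rule group) is enough to parse these lists mechanically, and doing so is the quickest way to catch a detail that matters for deployment: the same SID can ship with a different default state in different packs. On this page, for instance, 1:61357 and 1:42857 are DISABLED in the Snort 2 packs but ENABLED in the version 3000 pack, so the state has to be read from the pack actually in use rather than assumed from one listing. The Python below is an added example, not code from the Talos release page: it parses both the Snort 2 entry format shown here and the state-less "gid:sid <-> Message" format used by the 3.x packs further down, and reports every rule whose default state differs between packs. The sample text is constructed from entries on this page; the function names are the example's own.

```python
"""Parse Snort rule-update changelog text and diff default rule states.

Added example, not part of the Talos release page. SAMPLE below is
constructed from entries visible on the page; function names are assumptions.
"""
import re
from collections import defaultdict

# Snort 2 packs:  * 1:61357 <-> DISABLED <-> OS-WINDOWS ... attempt (os-windows.rules)
# Snort 3.x packs drop the state and the rule group:
#                * 1:300416 <-> OS-WINDOWS ... attempt
ENTRY_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+"
    r"(?:(?P<state>ENABLED|DISABLED)\s+<->\s+)?"
    r"(?P<msg>.*?)"
    r"(?:\s+\((?P<group>[\w.-]+\.rules)\))?\s*$"
)
VERSION_RE = re.compile(r"rule pack for Snort version (?P<ver>[\w.]+)\.")
SECTION_RE = re.compile(r"^(New|Modified) Rules:$")


def parse_changelog(text):
    """Return {version: {"New": {...}, "Modified": {...}}}.

    Each inner dict maps "gid:sid" to (state, message, rule_group); state and
    rule_group are None for packs whose entries omit them.
    """
    packs = {}
    version = section = None
    for line in text.splitlines():
        m = VERSION_RE.search(line)
        if m:
            version = m.group("ver")
            packs[version] = {"New": {}, "Modified": {}}
            section = None
            continue
        m = SECTION_RE.match(line.strip())
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and version and section:
            key = f"{m.group('gid')}:{m.group('sid')}"
            packs[version][section][key] = (
                m.group("state"), m.group("msg"), m.group("group"))
    return packs


def state_changes(packs):
    """Rules that are ENABLED in one pack and DISABLED in another.

    Returns a sorted list of ("gid:sid", {version: state}). Packs that carry
    no state column contribute nothing, so they never mask a real difference.
    """
    states = defaultdict(dict)
    for version, sections in packs.items():
        for entries in sections.values():
            for key, (state, _msg, _group) in entries.items():
                if state is not None:
                    states[key][version] = state
    return sorted((key, vers) for key, vers in states.items()
                  if len(set(vers.values())) > 1)


def format_report(changes):
    """Render state_changes() output as one line per rule."""
    return [f"{key}: " + ", ".join(f"{v}={s}" for v, s in sorted(vers.items()))
            for key, vers in changes]


# Constructed sample: three abbreviated packs taken from entries on this page.
SAMPLE = """\
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:61357 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (snort3-os-windows.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (snort3-server-webapp.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
"""

if __name__ == "__main__":
    for line in format_report(state_changes(parse_changelog(SAMPLE))):
        print(line)
```

Run against the full release text, the report lists each SID whose default state disagrees across the packs you deploy; feed it the packs for every Snort version in your fleet rather than one, since a rule enabled by default on one sensor generation may be silent on another.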

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)
 * 3:61212 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt (policy-other.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61357 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (snort3-os-windows.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (snort3-server-webapp.rules)
 * 1:300438 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt (snort3-os-windows.rules)
 * 1:61358 <-> ENABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (snort3-server-other.rules)
 * 1:300439 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (snort3-server-webapp.rules)

2023-02-14 19:56:17 UTC

Snort Subscriber Rules Update

Date: 2023-02-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61350 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61344 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61349 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61326 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61337 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61324 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61358 <-> DISABLED <-> SERVER-OTHER F5 iControl SOAP format string attempt (server-other.rules)
 * 1:61342 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61348 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt (indicator-compromise.rules)
 * 1:61329 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61347 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61345 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt (indicator-compromise.rules)
 * 1:61334 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61352 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61359 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules)
 * 1:61351 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt (indicator-compromise.rules)
 * 1:61328 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt (indicator-compromise.rules)
 * 1:61339 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61340 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61338 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt (indicator-compromise.rules)
 * 1:61343 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt (indicator-compromise.rules)
 * 1:61341 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt (indicator-compromise.rules)
 * 1:61356 <-> ENABLED <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt (server-webapp.rules)
 * 1:61335 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt (indicator-compromise.rules)
 * 1:61346 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt (indicator-compromise.rules)
 * 1:61353 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt (indicator-compromise.rules)
 * 1:61331 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61325 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt (indicator-compromise.rules)
 * 1:61336 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt (indicator-compromise.rules)
 * 1:61332 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61330 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt (indicator-compromise.rules)
 * 1:61333 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt (indicator-compromise.rules)
 * 1:61355 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)
 * 1:61357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt (os-windows.rules)
 * 1:61314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61318 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61315 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:61313 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61317 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61316 <-> DISABLED <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt (file-other.rules)
 * 1:61322 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:61319 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt (malware-tools.rules)
 * 1:61321 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:61327 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt (indicator-compromise.rules)
 * 1:61323 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt (indicator-compromise.rules)
 * 1:61354 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt (indicator-compromise.rules)

Modified Rules:


 * 1:42857 <-> DISABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:57907 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (server-webapp.rules)

2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:14 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt


2023-02-14 19:59:15 UTC

Snort Subscriber Rules Update

Date: 2023-02-14-002

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300416 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300417 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:300418 <-> FILE-OTHER Visual Studio Code malicious ipynb download attempt
* 1:300419 <-> MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt
* 1:300420 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:300421 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt
* 1:300422 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt
* 1:300423 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt
* 1:300424 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt
* 1:300425 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt
* 1:300426 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt
* 1:300427 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt
* 1:300428 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt
* 1:300429 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt
* 1:300430 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt
* 1:300431 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt
* 1:300432 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt
* 1:300433 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt
* 1:300434 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt
* 1:300435 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt
* 1:300436 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt
* 1:300437 <-> INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt
* 1:300438 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:300439 <-> OS-WINDOWS Microsoft Windows Remote Access Server Protected EAP remote code execution attempt
* 1:61356 <-> SERVER-WEBAPP Oracle E-Business Suite unauthenticated RCE attempt
* 1:61357 <-> OS-WINDOWS Microsoft Windows Secure Channel denial of service attempt
* 1:61358 <-> SERVER-OTHER F5 iControl SOAP format string attempt
* 1:61359 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt

Modified Rules:

* 1:42857 <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt
* 1:57907 <-> SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt
* 3:61212 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1698 attack attempt