Talos has added and modified multiple rules in the file-image, file-other, malware-backdoor, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 3:61385 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules) * 3:61368 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61369 <-> ENABLED <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt (file-other.rules) * 3:61386 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61367 <-> ENABLED <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt (server-webapp.rules) * 3:61387 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt (file-other.rules) * 3:61384 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (snort3-server-webapp.rules) * 1:61361 <-> ENABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (snort3-malware-backdoor.rules) * 1:61362 <-> ENABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (snort3-malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:61364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61374 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61362 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61382 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61371 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61372 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61373 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules) * 1:61360 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt (server-webapp.rules) * 1:61383 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt (malware-other.rules) * 1:61366 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61365 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt (malware-other.rules) * 1:61379 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61381 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61376 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61377 <-> DISABLED <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt (policy-other.rules) * 1:61361 <-> DISABLED <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt (malware-backdoor.rules) * 1:61378 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61380 <-> DISABLED <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt (file-other.rules) * 1:61370 <-> DISABLED <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt (server-webapp.rules) * 1:61375 <-> DISABLED <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300440 <-> MALWARE-OTHER Win.Trojan.Agent payload download attempt * 1:300441 <-> MALWARE-OTHER Doc.Dropper.Agent payload download attempt * 1:300442 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300443 <-> SERVER-WEBAPP Forta GoAnywhere MFT remote code execution attempt * 1:300444 <-> POLICY-OTHER Forta GoAnywhere MFT potential remote code execution attempt * 1:300445 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300446 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:300447 <-> FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt * 1:61360 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt * 1:61361 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 1:61362 <-> MALWARE-BACKDOOR FoggyWeb Exchange backdoor access attempt * 3:61367 <-> SERVER-WEBAPP Cisco Email Security Appliance arbitrary code execution attempt * 3:61368 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 3:61369 <-> FILE-OTHER ClamAV HFS+ partition scanning buffer overflow attempt * 1:61370 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 1:61371 <-> SERVER-WEBAPP TerraMaster TOS unauthenticated command injection attempt * 3:61384 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61385 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2023-1708 attack attempt * 3:61386 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt * 3:61387 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2023-1719 attack attempt
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
