Talos Rules 2024-03-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2024-21433: A coding deficiency exists in Microsoft Windows Print Spooler that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63169 through 63170, Snort 3: GID 1, SID 300862.

Microsoft Vulnerability CVE-2024-21437: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63144 through 63145, Snort 3: GID 1, SID 300856.

Microsoft Vulnerability CVE-2024-26160: A coding deficiency exists in Microsoft Windows Kernel that may lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63161 through 63162, Snort 3: GID 1, SID 300860.

Microsoft Vulnerability CVE-2024-26170: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63152 through 63153, Snort 3: GID 1, SID 300858.

Microsoft Vulnerability CVE-2024-26182: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63140 through 63141, Snort 3: GID 1, SID 300855.

Microsoft Vulnerability CVE-2024-26185: A coding deficiency exists in Microsoft Windows Compressed Folder that may lead to tampering.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63155 through 63156, Snort 3: GID 1, SID 300859.

Talos also has added and modified multiple rules in the file-other, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)

Modified Rules:


 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)

Modified Rules:


 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)

Modified Rules:


 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)

Modified Rules:


 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)

Modified Rules:


 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)

Modified Rules:


 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)

Modified Rules:


 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)

2024-03-12 17:16:00 UTC

Snort Subscriber Rules Update

Date: 2024-03-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63152 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63143 <-> DISABLED <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:63162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63150 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63154 <-> ENABLED <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt (server-webapp.rules)
 * 1:63163 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63164 <-> DISABLED <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt (malware-other.rules)
 * 1:63169 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63153 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63151 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt (server-webapp.rules)
 * 1:63170 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt (os-windows.rules)
 * 1:63145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63156 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63142 <-> ENABLED <-> SERVER-WEBAPP CrushFTP authentication bypass attempt (server-webapp.rules)
 * 1:63144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:63148 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63155 <-> DISABLED <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt (file-other.rules)
 * 1:63161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:63140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:63147 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63149 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 1:63146 <-> DISABLED <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt (server-other.rules)
 * 3:63175 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63176 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63180 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63179 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63167 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63157 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63160 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63166 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63177 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63165 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63159 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63168 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt (file-other.rules)
 * 3:63158 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt (server-webapp.rules)
 * 3:63178 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63171 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)
 * 3:63172 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt (file-other.rules)

Modified Rules:


 * 1:59340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59339 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:59341 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt (server-webapp.rules)

2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:39 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt


2024-03-12 17:18:40 UTC

Snort Subscriber Rules Update

Date: 2024-03-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300855 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300856 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300857 <-> SERVER-WEBAPP Zoho ManageEngine OpManager FailOverHelperServlet cross site scripting attempt
* 1:300858 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:300859 <-> FILE-OTHER Microsoft Windows compressed folder tampering attempt
* 1:300860 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:300861 <-> MALWARE-OTHER Linux.Trojan.GTPDoor download attempt
* 1:300862 <-> OS-WINDOWS Microsoft Windows Print Spooler elevation of privileges attempt
* 1:63142 <-> SERVER-WEBAPP CrushFTP authentication bypass attempt
* 1:63143 <-> SERVER-WEBAPP WordPress wpDiscuz plugin arbitrary PHP file upload attempt
* 1:63146 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63147 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63148 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63149 <-> SERVER-OTHER VMware vCenter DCERPC out of bounds write attempt
* 1:63154 <-> SERVER-WEBAPP JetBrains TeamCity authentication bypass attempt
* 3:63157 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63158 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63159 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63160 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1953 attack attempt
* 3:63165 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63166 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63167 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63168 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1928 attack attempt
* 3:63171 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63172 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63173 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63174 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63175 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63176 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63177 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63178 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63179 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt
* 3:63180 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2024-1926 attack attempt

Modified Rules:

* 1:43279 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:44667 <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt
* 1:59339 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59340 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt
* 1:59341 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Processor SQL injection attempt