Microsoft Vulnerability CVE-2024-26158: A coding deficiency exists in Microsoft Install Service that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63254 through 63255, Snort 3: GID 1, SID 300873.
Microsoft Vulnerability CVE-2024-26209: A coding deficiency exists in Microsoft Local Security Authority Subsystem Service that may lead to an information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63263 through 63264, Snort 3: GID 1, SID 300877.
Microsoft Vulnerability CVE-2024-26211: A coding deficiency exists in Microsoft Windows Remote Access Connection Manager that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63256 through 63257, Snort 3: GID 1, SID 300874.
Microsoft Vulnerability CVE-2024-26212: A coding deficiency exists in Microsoft DHCP Server Service that may lead to denial of service.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 63265,
Microsoft Vulnerability CVE-2024-26218: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63266 through 63267, Snort 3: GID 1, SID 300878.
Microsoft Vulnerability CVE-2024-26230: A coding deficiency exists in Microsoft Windows Telephony Server that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63268 through 63269, Snort 3: GID 1, SID 300879.
Microsoft Vulnerability CVE-2024-26234: A coding deficiency exists in Microsoft Proxy Driver that may lead to spoofing.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63270 through 63271, Snort 3: GID 1, SID 300880.
Microsoft Vulnerability CVE-2024-26256: A coding deficiency exists in Microsoft libarchive that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63274 through 63275, Snort 3: GID 1, SID 300881.
Talos also has added and modified multiple rules in the malware-other, os-windows, policy-other, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules)
* 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules)
* 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules)
* 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules)
* 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules)
* 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63277 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 1:63275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63255 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63258 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt (os-windows.rules) * 1:63269 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63253 <-> ENABLED <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt (server-webapp.rules) * 1:63270 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63260 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt (os-windows.rules) * 1:63259 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63257 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt (os-windows.rules) * 1:63271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt (os-windows.rules) * 1:63263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt (os-windows.rules) * 1:63254 <-> DISABLED <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt (os-windows.rules) * 1:63262 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt (server-webapp.rules) * 1:63268 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt (os-windows.rules) * 1:63265 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt (os-windows.rules) * 1:63261 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt (malware-other.rules) * 1:63276 <-> ENABLED <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt (malware-other.rules) * 3:63273 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63272 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt (os-windows.rules) * 3:63278 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt (policy-other.rules)
* 1:57631 <-> DISABLED <-> PUA-OTHER WeChat User-Agent string - MicroMessenger (pua-other.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:57634 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - PetalBot (pua-other.rules) * 1:57632 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast (pua-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:57633 <-> DISABLED <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser (pua-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300873 <-> OS-WINDOWS Microsoft Install Service elevation of privilege attempt * 1:300874 <-> OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt * 1:300875 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300876 <-> MALWARE-OTHER Win.Ransomware.Buhti variant binary download attempt * 1:300877 <-> OS-WINDOWS Microsoft Windows Local Security Authority Subsystem Service information disclosure attempt * 1:300878 <-> OS-WINDOWS Microsoft Windows kernel escalation of privilege attempt * 1:300879 <-> OS-WINDOWS Microsoft Windows Telephony Server escalation of privilege attempt * 1:300880 <-> OS-WINDOWS Microsoft Windows Proxy Driver spoofing attempt * 1:300881 <-> OS-WINDOWS Microsoft Windows Explorer privilege escalation attempt * 1:300882 <-> MALWARE-OTHER Unix.Malware.AcidPour download attempt * 1:63253 <-> SERVER-WEBAPP Fortra FileCatalyst directory traversal attempt * 1:63262 <-> SERVER-WEBAPP Ivanti Endpoint Manager remote code execution attempt * 1:63265 <-> OS-WINDOWS Microsoft Windows DHCP Server denial-of-service attempt * 3:63272 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63273 <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2024-1964 attack attempt * 3:63278 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2024-1962 attack attempt
* 1:13617 <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt * 1:13618 <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt * 1:13719 <-> SERVER-ORACLE database username buffer overflow * 1:57631 <-> PUA-OTHER WeChat User-Agent string - MicroMessenger * 1:57632 <-> PUA-OTHER Known unwanted User-Agent string - LieBaoFast * 1:57633 <-> PUA-OTHER Known unwanted User-Agent string - Mb2345Browser * 1:57634 <-> PUA-OTHER Known unwanted User-Agent string - PetalBot