Snort - Network Intrusion Detection & Prevention System

Talos Rules 2025-03-04

This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image, file-multimedia, file-office, indicator-obfuscation, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

29200

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)

29190

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)

29181

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)

29171

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)

29170

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)

29161

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)

29160

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)

29151

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)

29141

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)

29130

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)

29111

2025-03-04 14:23:07 UTC

Snort Subscriber Rules Update

Date: 2025-03-04

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:64631 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64632 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64625 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64629 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64630 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64628 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64626 <-> DISABLED <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt (file-office.rules)
 * 1:64627 <-> ENABLED <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt (server-webapp.rules)
 * 1:64633 <-> DISABLED <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt (malware-other.rules)
 * 1:64623 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt (file-office.rules)
 * 1:64622 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules)
 * 1:64624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt (malware-cnc.rules)
 * 3:64634 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)
 * 3:64635 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59716 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58240 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:59715 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:59717 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:58241 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)
 * 1:62789 <-> ENABLED <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt (server-webapp.rules)
 * 1:59714 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:58239 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large handshake out of bounds read attempt (server-other.rules)

3000

2025-03-04 14:28:42 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3031

2025-03-04 14:28:42 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3034

2025-03-04 14:28:42 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3100

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3101

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3110

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3130

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3140

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3150

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3170

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3190

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3200

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

3700

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31110

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31150

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31180

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31200

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31210

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31350

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31440

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt

31470

2025-03-04 14:28:43 UTC

Snort Subscriber Rules Update

Date: 2025-03-03-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301155 <-> FILE-OFFICE Delta Electronics DOPSoft 2 input validation bypass attempt
* 1:301156 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:301157 <-> MALWARE-OTHER Ps1.Loader.Agent variant download attempt
* 1:64622 <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt
* 1:64623 <-> FILE-OFFICE Microsoft Outlook nested S/MIME messages memory corruption attempt
* 1:64624 <-> MALWARE-CNC Win.Trojan.I2PRAT variant outbound connection attempt
* 1:64627 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64628 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 1:64629 <-> SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt
* 3:64634 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt
* 3:64635 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2024-2063 attack attempt

Modified Rules:

* 1:300115 <-> FILE-IMAGE Directshow GIF logical height overflow attempt
* 1:300116 <-> FILE-IMAGE Directshow GIF logical width overflow attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt