The VRT has added and modified multiple rules in the blacklist, browser-firefox, deleted, file-flash, file-office, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32597 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32596 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32595 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32594 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32591 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32590 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32586 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32585 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32584 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32580 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32579 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules)
* 1:32577 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pierrejb.agora.eu.org (blacklist.rules)
* 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
* 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32585 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32597 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32590 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32591 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32594 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32580 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32579 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules)
* 1:32596 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32584 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32586 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32595 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32577 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pierrejb.agora.eu.org (blacklist.rules)
* 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
* 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32586 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32584 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32585 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection attempt (malware-cnc.rules)
* 1:32580 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32579 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32590 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32591 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed greyscale JPEG information leak attempt (deleted.rules)
* 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules)
* 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32597 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32596 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed third component in color JPEG information leak attempt (deleted.rules)
* 1:32595 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32577 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pierrejb.agora.eu.org (blacklist.rules)
* 1:32594 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player malformed second component in color JPEG information leak attempt (deleted.rules)
* 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
* 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)