Talos has added and modified multiple rules in the exploit-kit, file-flash, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40750 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR Series Routers HNAP stack buffer overflow attempt (server-webapp.rules) * 1:40754 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM gauge.php value SQL injection attempt (server-webapp.rules) * 1:40755 <-> ENABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules) * 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0231 attack attempt (server-other.rules) * 3:40756 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0224 attack attempt (file-pdf.rules) * 3:40757 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0224 attack attempt (file-pdf.rules)
* 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40755 <-> ENABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules) * 1:40754 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM gauge.php value SQL injection attempt (server-webapp.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40750 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR Series Routers HNAP stack buffer overflow attempt (server-webapp.rules) * 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0231 attack attempt (server-other.rules) * 3:40756 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0224 attack attempt (file-pdf.rules) * 3:40757 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0224 attack attempt (file-pdf.rules)
* 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
