Talos Rules 2019-09-05
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (snort3-browser-ie.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (snort3-server-webapp.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (snort3-server-mail.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (snort3-policy-other.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (snort3-browser-ie.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (snort3-browser-chrome.rules)
 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (snort3-browser-ie.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (snort3-browser-chrome.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)

Modified Rules:


 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (snort3-browser-ie.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (snort3-browser-ie.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (snort3-server-webapp.rules)
 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (snort3-server-webapp.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (snort3-browser-firefox.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (snort3-browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (snort3-malware-cnc.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (snort3-browser-ie.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (snort3-browser-ie.rules)

2019-09-05 11:52:59 UTC

Snort Subscriber Rules Update

Date: 2019-09-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51420 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51418 <-> DISABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51422 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
 * 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
 * 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
 * 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
 * 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules)

Modified Rules:


 * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
 * 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules)
 * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules)
 * 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
 * 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
 * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)