Talos Rules 2019-12-05
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, file-image, file-office, file-other, malware-other, malware-tools, os-windows, protocol-scada, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (snort3-file-image.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (snort3-file-image.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (snort3-server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (snort3-server-other.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (snort3-file-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (snort3-server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (snort3-server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (snort3-malware-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (snort3-os-windows.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (snort3-malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (snort3-server-other.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (snort3-server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (snort3-browser-chrome.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (snort3-server-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (snort3-server-mysql.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (snort3-browser-chrome.rules)

Modified Rules:


 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (snort3-server-other.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (snort3-server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)