Talos Rules 2019-12-05
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, file-image, file-office, file-other, malware-other, malware-tools, os-windows, protocol-scada, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (snort3-file-image.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (snort3-file-image.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (snort3-server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (snort3-server-other.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (snort3-server-webapp.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (snort3-server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (snort3-server-other.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (snort3-file-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (snort3-malware-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (snort3-server-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (snort3-server-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (snort3-server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (snort3-malware-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (snort3-os-windows.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (snort3-malware-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (snort3-server-other.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (snort3-server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (snort3-browser-chrome.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (snort3-malware-tools.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (snort3-server-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (snort3-server-mysql.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (snort3-browser-chrome.rules)

Modified Rules:


 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (snort3-server-other.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (snort3-server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (snort3-file-office.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)

2019-12-05 13:56:03 UTC

Snort Subscriber Rules Update

Date: 2019-12-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules)
 * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52397 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules)
 * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules)
 * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules)
 * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules)
 * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules)
 * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules)
 * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules)
 * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules)
 * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules)
 * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules)
 * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules)
 * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules)
 * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules)
 * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules)
 * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules)
 * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules)
 * 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
 * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)

Modified Rules:


 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)