Talos Rules 2020-06-18
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:


 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (snort3-malware-other.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (snort3-malware-other.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (snort3-server-webapp.rules)

Modified Rules:



2020-06-18 11:56:42 UTC

Snort Subscriber Rules Update

Date: 2020-06-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
 * 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
 * 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
 * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
 * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
 * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules: