Talos has added and modified multiple rules in the browser-ie, file-java, file-other, malware-cnc, policy-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701 (Snort 2.9.17.1).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700 (Snort 2.9.17.0).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601 (Snort 2.9.16.1).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600 (Snort 2.9.16.0).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501 (Snort 2.9.15.1).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500 (Snort 2.9.15.0).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401 (Snort 2.9.14.1).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)

Modified Rules:

* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300 (Snort 2.9.13.0).
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules) * 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules) * 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules) * 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules) * 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules) * 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules) * 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules) * 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules) * 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules) * 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules) * 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules) * 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules) * 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules) * 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (snort3-server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (snort3-server-webapp.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (snort3-server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (snort3-server-other.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (snort3-server-webapp.rules)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (snort3-server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (snort3-policy-other.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (snort3-server-webapp.rules)
* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (snort3-server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (snort3-server-webapp.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (snort3-malware-cnc.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (snort3-server-other.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (snort3-browser-ie.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (snort3-malware-cnc.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (snort3-file-java.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (snort3-malware-cnc.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (snort3-file-java.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (snort3-file-other.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (snort3-file-java.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (snort3-browser-ie.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (snort3-server-other.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (snort3-file-java.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (snort3-malware-cnc.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (snort3-file-java.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57572 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:51925 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (server-webapp.rules)
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules)
* 1:51926 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:57573 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:51924 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (server-webapp.rules)
* 1:57574 <-> DISABLED <-> SERVER-WEBAPP WordPress DZS Video Gallery remote file include attempt (server-webapp.rules)
* 1:57578 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:57570 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57571 <-> DISABLED <-> SERVER-WEBAPP WordPRess DZS Video Gallery directory traversal attempt (server-webapp.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:51927 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 1:51928 <-> DISABLED <-> SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (server-webapp.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:29215 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTime object timezone type confusion attempt (server-other.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
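The "gid:sid <-> Default rule state <-> Message (rule group)" format repeated for each pack above is easy to script against, and doing so answers the questions that matter when rolling an update out: which of the new rules actually fire by default (most of the additions above ship DISABLED, so they give no coverage until enabled in the loaded policy), which are GID 3 shared-object rules that need the precompiled .so for the platform as well as the text file, and whether the Snort 2 and Snort 3 packs cover the same gid:sid set once the "snort3-" file prefix is ignored. The Python below is an added example written for this page; it is not Talos or Snort code. It parses entries in that format, including lines on which several entries have been run together as happens when the page is scraped, and the two sample packs are constructed from a handful of entries copied from the lists above (the Snort 3 pack lists above carry no GID 3 entry, which the diff surfaces). The function and constant names are this example's own.

```python
"""Parse Talos rule-update changelog entries of the form
   * gid:sid <-> ENABLED|DISABLED <-> Message (rule-group.rules)
and answer the questions a detection engineer asks of a rule update."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

ENTRY_RE = re.compile(
    r"^\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[^()]+\.rules)\)$"
)
# Scraped copies often run several entries together on one line;
# split before every "* gid:sid <->" so each entry is parsed on its own.
ENTRY_BOUNDARY_RE = re.compile(r"\s+(?=\*\s*\d+:\d+\s*<->)")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool   # default state in the shipped pack, not in your policy
    category: str   # first token of the message, e.g. SERVER-WEBAPP
    msg: str
    group: str      # rule file; the Snort 3 "snort3-" prefix is stripped so packs compare

    @property
    def key(self) -> tuple[int, int]:
        return (self.gid, self.sid)


def parse_changelog(text: str) -> list[RuleEntry]:
    entries: list[RuleEntry] = []
    for raw in text.splitlines():
        for piece in ENTRY_BOUNDARY_RE.split(raw.strip()):
            if not piece.startswith("*"):
                continue  # heading, the format line, or a fragment left by scraping
            m = ENTRY_RE.match(piece)
            if m is None:
                raise ValueError(f"unparseable changelog entry: {piece!r}")
            group = m["group"]
            if group.startswith("snort3-"):
                group = group[len("snort3-"):]
            entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                                     m["msg"].split(" ", 1)[0], m["msg"], group))
    return entries


def default_enabled(entries: list[RuleEntry]) -> set[tuple[int, int]]:
    """Rules that fire out of the box; everything else ships DISABLED and
    gives no coverage until it is enabled in the policy actually loaded."""
    return {e.key for e in entries if e.enabled}


def disabled_by_category(entries: list[RuleEntry]) -> dict[str, int]:
    """How much of the update is dormant, per category, to prioritise review."""
    return dict(Counter(e.category for e in entries if not e.enabled))


def shared_object_rules(entries: list[RuleEntry]) -> set[tuple[int, int]]:
    """GID 3 entries are shared-object (SO) rules: they need the precompiled
    .so for the platform and Snort build, not only the text rule file."""
    return {e.key for e in entries if e.gid == 3}


def diff_packs(old: list[RuleEntry], new: list[RuleEntry]) -> tuple[set, set]:
    """(only in new, only in old), keyed on gid:sid, so a rule missing from
    one pack stands out even though the rule file names differ."""
    old_keys = {e.key for e in old}
    new_keys = {e.key for e in new}
    return new_keys - old_keys, old_keys - new_keys


# Constructed sample packs: a few entries copied from the lists above, with
# Snort 2 file names in PACK_2 and Snort 3 file names in PACK_3. The first
# line of PACK_2 deliberately carries two run-together entries.
PACK_2 = """\
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (policy-other.rules) * 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (malware-cnc.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 3:57576 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
"""
PACK_3 = """\
* 1:57575 <-> DISABLED <-> POLICY-OTHER SSL certificate upload attempt (snort3-policy-other.rules)
* 1:57577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID outbound connection attempt (snort3-malware-cnc.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (snort3-server-webapp.rules)
"""

if __name__ == "__main__":
    snort2, snort3 = parse_changelog(PACK_2), parse_changelog(PACK_3)
    print("enabled by default:", sorted(default_enabled(snort2)))
    print("disabled per category:", disabled_by_category(snort2))
    print("shared-object rules:", sorted(shared_object_rules(snort2)))
    print("only in Snort 3 pack / only in Snort 2 pack:", diff_packs(snort2, snort3))
```

Feed it the whole changelog for a pack rather than the sample to get the real numbers; the parser raises on any "*" entry it cannot read rather than silently dropping it, so a format change in a future pack is noticed instead of producing an undercount.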