Snort - Network Intrusion Detection & Prevention System

Talos Rules 2021-06-29

This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, exploit-kit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

29180

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29171

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29170

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29161

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29160

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29151

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29150

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29141

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29130

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

29111

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

3000

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (snort3-malware-cnc.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (snort3-malware-cnc.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (snort3-browser-chrome.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (snort3-server-webapp.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (snort3-malware-other.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (snort3-malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (snort3-malware-other.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (snort3-server-webapp.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (snort3-malware-other.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (snort3-malware-other.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (snort3-malware-other.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (snort3-server-webapp.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (snort3-server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (snort3-malware-other.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (snort3-malware-cnc.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (snort3-server-webapp.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (snort3-server-webapp.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (snort3-server-webapp.rules)
 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (snort3-malware-cnc.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (snort3-exploit-kit.rules)

2983

2021-06-29 13:54:30 UTC

Snort Subscriber Rules Update

Date: 2021-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57864 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57860 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57870 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57863 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57858 <-> ENABLED <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt (malware-cnc.rules)
 * 1:57857 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57871 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57843 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57866 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57861 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)
 * 1:57838 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57859 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected (malware-other.rules)
 * 1:57839 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57868 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection (malware-cnc.rules)
 * 1:57855 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57852 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt (malware-other.rules)
 * 1:57867 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57837 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57856 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt (server-webapp.rules)
 * 1:57841 <-> DISABLED <-> SERVER-WEBAPP Nagios Fusion command injection attempt (server-webapp.rules)
 * 1:57850 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57840 <-> DISABLED <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt (browser-chrome.rules)
 * 1:57842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57851 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57869 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit outbound connection attempt (malware-cnc.rules)
 * 1:57854 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt (malware-other.rules)
 * 1:57853 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt (malware-other.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57865 <-> ENABLED <-> MALWARE-CNC Netfilter rootkit download attempt (malware-cnc.rules)
 * 1:57845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection (malware-cnc.rules)
 * 1:57862 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:26527 <-> DISABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 3:57783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)
 * 3:57784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt (server-webapp.rules)

3031

2021-06-29 13:56:18 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3034

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3100

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3101

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3110

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3130

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3140

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt

3150

2021-06-29 13:56:19 UTC

Snort Subscriber Rules Update

Date: 2021-06-28-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300039 <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57837 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57838 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57839 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57840 <-> BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
* 1:57841 <-> SERVER-WEBAPP Nagios Fusion command injection attempt
* 1:57842 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57843 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57844 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57845 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57846 <-> MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection
* 1:57847 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57848 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57849 <-> MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection
* 1:57850 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57851 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57852 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57853 <-> MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt
* 1:57854 <-> MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt
* 1:57855 <-> MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt
* 1:57856 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57857 <-> SERVER-WEBAPP Cisco ASA cross site scripting attempt
* 1:57858 <-> MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt
* 1:57859 <-> MALWARE-OTHER Win.Trojan.BazaCall variant phishing e-mail detected
* 1:57860 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57861 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57862 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57863 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise command injection attempt
* 1:57864 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57865 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57866 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57867 <-> MALWARE-CNC Netfilter rootkit download attempt
* 1:57868 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57869 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57870 <-> MALWARE-CNC Netfilter rootkit outbound connection attempt
* 1:57871 <-> MALWARE-CNC Netfilter rootkit download attempt

Modified Rules:

* 1:26527 <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt