Talos Rules 2021-07-20
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-backdoor, os-other, server-apache, server-other, server-webapp and sql rule sets to provide coverage for emerging threats against these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (snort3-server-webapp.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (snort3-malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (snort3-malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (snort3-malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (snort3-malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (snort3-server-other.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (snort3-malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (snort3-malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (snort3-sql.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (snort3-malware-backdoor.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (snort3-server-apache.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (snort3-malware-backdoor.rules)

2021-07-20 13:21:13 UTC

Snort Subscriber Rules Update

Date: 2021-07-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 3:57746 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)

2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:57829 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt
* 3:57830 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57831 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57882 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57883 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57884 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57885 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57886 <-> POLICY-OTHER Cisco Business Process Automation permissions modification detected
* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 3:57888 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57889 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57899 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 3:57900 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:108 <-> MALWARE-BACKDOOR QAZ Worm Client Login access
* 1:13990 <-> SQL union select - possible sql injection attempt - GET parameter
* 1:16426 <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method
* 1:195 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response
* 1:1980 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection
* 1:1981 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150
* 1:1982 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150
* 1:1983 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120
* 1:1984 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120
* 1:2100 <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response
* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 1:45499 <-> SERVER-OTHER ISC DHCPD remote denial of service attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
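The change logs above come in two line formats: the Snort 2.9.x, 2983 and 3000 packs list `gid:sid <-> Default rule state <-> Message (rule group)`, while the Snort 3.0.x and 3.1.x packs list only `gid:sid <-> Message`. The practical point for anyone deploying this release is that the one new rule, 1:57918, ships DISABLED, so installing the pack gives no coverage for it until the rule is enabled in a policy, and the 3.0.x/3.1.x lists cannot tell you that because they carry no state column. The following parser is an added example written for this page; it is not Talos or Snort code. It handles both formats, flags new rules that are disabled by default, and diffs the gid:sid sets of two packs. The two sample change logs are constructed from lines copied from this page and embedded so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: lines taken from the Snort 2091800 change log on this page
# (format: gid:sid <-> Default rule state <-> Message (rule group)).
SNORT2_SAMPLE = """\
New Rules:


 * 1:57918 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
 * 3:57745 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt (os-other.rules)
"""

# Constructed sample: lines taken from the Snort 3.0.3.1 change log on this page
# (format: gid:sid <-> Message, no default state and no rule file).
SNORT3_SAMPLE = """\
New Rules:

* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
"""

# A rule line: optional indent, "*", gid:sid, "<->", then the remaining fields.
LINE_RE = re.compile(r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<rest>.+?)\s*$")
# Trailing "(something.rules)" rule-group marker, present only in the first format.
FILE_RE = re.compile(r"\s\((?P<file>[\w.-]+\.rules)\)$")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    section: str              # "new" or "modified"
    category: str             # message prefix, e.g. SERVER-WEBAPP or SQL
    message: str
    state: Optional[str]      # "ENABLED" / "DISABLED", or None when the list has no state column
    rule_file: Optional[str]  # e.g. server-webapp.rules, or None when absent


def parse_changelog(text: str) -> List[RuleEntry]:
    """Parse either change-log format into RuleEntry records, in file order."""
    entries: List[RuleEntry] = []
    section: Optional[str] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "New Rules:":
            section = "new"
            continue
        if stripped == "Modified Rules:":
            section = "modified"
            continue
        m = LINE_RE.match(line)
        if m is None or section is None:
            continue  # blank line, header, or a rule line before any section marker
        fields = [f.strip() for f in m.group("rest").split("<->")]
        if len(fields) == 2:          # state <-> message (rule group)
            state, body = fields[0], fields[1]
        elif len(fields) == 1:        # message only (Snort 3.0.x / 3.1.x lists)
            state, body = None, fields[0]
        else:
            raise ValueError(f"unexpected field count in line: {line!r}")
        fm = FILE_RE.search(body)
        rule_file = fm.group("file") if fm else None
        message = body[: fm.start()] if fm else body
        category = message.split(" ", 1)[0]
        entries.append(RuleEntry(int(m.group("gid")), int(m.group("sid")),
                                 section, category, message, state, rule_file))
    return entries


def disabled_new_rules(entries: List[RuleEntry]) -> List[RuleEntry]:
    """New rules that ship DISABLED: they give no coverage until enabled in a policy.
    Lists without a state column report nothing, which is itself worth knowing."""
    return [e for e in entries if e.section == "new" and e.state == "DISABLED"]


def rules_only_in(a: List[RuleEntry], b: List[RuleEntry]) -> Set[Tuple[int, int]]:
    """(gid, sid) pairs present in change log a but absent from change log b."""
    return {(e.gid, e.sid) for e in a} - {(e.gid, e.sid) for e in b}


def by_rule_file(entries: List[RuleEntry]) -> Dict[Optional[str], List[int]]:
    """Group touched SIDs by rule file, to see which .rules files a pack update changes."""
    out: Dict[Optional[str], List[int]] = {}
    for e in entries:
        out.setdefault(e.rule_file, []).append(e.sid)
    return out


if __name__ == "__main__":
    snort2 = parse_changelog(SNORT2_SAMPLE)
    snort3 = parse_changelog(SNORT3_SAMPLE)
    for e in disabled_new_rules(snort2):
        print(f"new but DISABLED by default: {e.gid}:{e.sid} {e.message} [{e.rule_file}]")
    print("files touched:", by_rule_file(snort2))
    print("only in Snort 3.x list:", sorted(rules_only_in(snort3, snort2)))
```

Run it against the full text of two sections of this page (for instance the 3000 pack and the 2091800 pack) and `rules_only_in` shows which gid:sid entries one list carries and the other does not; `disabled_new_rules` is the check to run before assuming a pack update has added detection for the HPE IMC traversal rule.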


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:57829 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt
* 3:57830 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57831 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57882 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57883 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57884 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57885 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57886 <-> POLICY-OTHER Cisco Business Process Automation permissions modification detected
* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 3:57888 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57889 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57899 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 3:57900 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:108 <-> MALWARE-BACKDOOR QAZ Worm Client Login access
* 1:13990 <-> SQL union select - possible sql injection attempt - GET parameter
* 1:16426 <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method
* 1:195 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response
* 1:1980 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection
* 1:1981 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150
* 1:1982 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150
* 1:1983 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120
* 1:1984 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120
* 1:2100 <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response
* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 1:45499 <-> SERVER-OTHER ISC DHCPD remote denial of service attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:57829 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt
* 3:57830 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57831 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57882 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57883 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57884 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57885 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57886 <-> POLICY-OTHER Cisco Business Process Automation permissions modification detected
* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 3:57888 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57889 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57899 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 3:57900 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:108 <-> MALWARE-BACKDOOR QAZ Worm Client Login access
* 1:13990 <-> SQL union select - possible sql injection attempt - GET parameter
* 1:16426 <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method
* 1:195 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response
* 1:1980 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection
* 1:1981 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150
* 1:1982 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150
* 1:1983 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120
* 1:1984 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120
* 1:2100 <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response
* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 1:45499 <-> SERVER-OTHER ISC DHCPD remote denial of service attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:57829 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1316 attack attempt
* 3:57830 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57831 <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1336 attack attempt
* 3:57882 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57883 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57884 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57885 <-> SERVER-WEBAPP Cisco Business Process Automation privilege escalation attempt
* 3:57886 <-> POLICY-OTHER Cisco Business Process Automation permissions modification detected
* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 3:57888 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57889 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1339 attack attempt
* 3:57899 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 3:57900 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1340 attack attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:108 <-> MALWARE-BACKDOOR QAZ Worm Client Login access
* 1:13990 <-> SQL union select - possible sql injection attempt - GET parameter
* 1:16426 <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method
* 1:195 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response
* 1:1980 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection
* 1:1981 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150
* 1:1982 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150
* 1:1983 <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120
* 1:1984 <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120
* 1:2100 <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response
* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 1:45499 <-> SERVER-OTHER ISC DHCPD remote denial of service attempt
* 3:57745 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57746 <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1309 attack attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
* 3:57784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
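The changelog format stated above ("gid:sid <-> Message") is simple enough to parse, and the practical follow-up to a rule update is confirming that the listed SIDs actually landed in the deployed ruleset and noting which of them are still commented out. The following Python is an added example, not Talos or Snort project code: the changelog excerpt is copied from the list above, the rules file is constructed for this example with placeholder rule bodies (the real Talos rule text is not on this page), and the reading of gid 3 as a shared-object rule is standard Snort convention.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Changelog entry format stated on the page: "gid:sid <-> Message".
ENTRY_RE = re.compile(r"^\*\s*(\d+):(\d+)\s*<->\s*(.+?)\s*$")
# Talos advisory identifiers embedded in TRUFFLEHUNTER rule messages.
ADVISORY_RE = re.compile(r"TALOS-\d{4}-\d{4}")
# Snort rule options: sid is mandatory, gid defaults to 1 when absent.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
RULE_ACTIONS = ("alert ", "drop ", "block ", "log ", "pass ", "reject ", "sdrop ")


@dataclass(frozen=True)
class Entry:
    gid: int
    sid: int
    category: str   # first token of the message, e.g. SERVER-WEBAPP
    message: str
    section: str    # "new" or "modified"


def parse_changelog(text: str) -> List[Entry]:
    """Turn the 'New Rules:' / 'Modified Rules:' lists into Entry records."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "New Rules:":
            section = "new"
            continue
        if line == "Modified Rules:":
            section = "modified"
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            gid, sid, msg = int(m.group(1)), int(m.group(2)), m.group(3)
            entries.append(Entry(gid, sid, msg.split(" ", 1)[0], msg, section))
    return entries


def parse_rules_file(text: str) -> Dict[Tuple[int, int], bool]:
    """Map (gid, sid) -> enabled for each rule line; a leading '#' means disabled."""
    state: Dict[Tuple[int, int], bool] = {}
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        body = line.lstrip("# ")
        if not body.startswith(RULE_ACTIONS):
            continue                      # plain comment or non-rule line
        sid = SID_RE.search(body)
        if not sid:
            continue
        gid = GID_RE.search(body)
        state[(int(gid.group(1)) if gid else 1, int(sid.group(1)))] = enabled
    return state


def audit(changelog_text: str, rules_text: str) -> dict:
    """Cross-check changelog SIDs against a deployed rules file.

    gid 3 entries are shared-object rules; their text stubs may live in a
    separate file, so pass the concatenation of every deployed .rules file.
    """
    state = parse_rules_file(rules_text)
    report = {"missing": [], "disabled": [], "enabled": [], "advisories": set()}
    for e in parse_changelog(changelog_text):
        key = (e.gid, e.sid)
        if key not in state:
            report["missing"].append(key)
        elif state[key]:
            report["enabled"].append(key)
        else:
            report["disabled"].append(key)
        report["advisories"].update(ADVISORY_RE.findall(e.message))
    return {k: sorted(v) for k, v in report.items()}


# Excerpt of the changelog above (real SIDs and messages from this release).
SAMPLE_CHANGELOG = """\
New Rules:

* 3:57887 <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt
* 1:57918 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center MibFileServlet File Deletion directory traversal attempt

Modified Rules:

* 1:13990 <-> SQL union select - possible sql injection attempt - GET parameter
* 1:44328 <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt
* 3:57783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt
"""

# Constructed rules file: placeholder bodies, not the real Talos rules.
SAMPLE_RULES = """\
# constructed for this example; one rule is left commented out (disabled)
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP HPE IMC MibFileServlet directory traversal attempt"; sid:57918; rev:1;)
# alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL union select - possible sql injection attempt - GET parameter"; sid:13990; rev:20;)
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1324 attack attempt"; gid:3; sid:57783; rev:1;)
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CHANGELOG, SAMPLE_RULES))
```

Run against a real deployment, feed `audit` the changelog text and the concatenated contents of every `.rules` file Snort loads; entries under `missing` mean the update did not land (or the gid 3 stub file was not included), and entries under `disabled` are the ones a rule tuning pass still has to decide on.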


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

The Sourcefire VRT Certified rule pack for Snort version 3.1.1.0 carries exactly the same new rules (3:57829 through 1:57918) and modified rules (1:108 through 3:57784) as the 3.1.0.1 pack listed above.


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

The Sourcefire VRT Certified rule pack for Snort version 3.1.3.0 carries exactly the same new rules (3:57829 through 1:57918) and modified rules (1:108 through 3:57784) as the 3.1.0.1 pack listed above.


2021-07-20 13:34:58 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

The Sourcefire VRT Certified rule pack for Snort version 3.1.4.0 carries exactly the same new rules (3:57829 through 1:57918) and modified rules (1:108 through 3:57784) as the 3.1.0.1 pack listed above.


2021-07-20 13:34:59 UTC

Snort Subscriber Rules Update

Date: 2021-07-19-001

The Sourcefire VRT Certified rule pack for Snort version 3.1.5.0 carries exactly the same new rules (3:57829 through 1:57918) and modified rules (1:108 through 3:57784) as the 3.1.0.1 pack listed above.