Talos has added and modified multiple rules in the browser-ie, file-other, malware-cnc, malware-other, os-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 3:58191 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58188 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58182 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt (server-other.rules)
* 3:58187 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:58190 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 3:58189 <-> ENABLED <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected (policy-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
* 3:58110 <-> ENABLED <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (snort3-malware-other.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (snort3-browser-ie.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (snort3-malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (snort3-malware-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (snort3-file-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (snort3-malware-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (snort3-os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (snort3-os-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (snort3-browser-ie.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (snort3-os-windows.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (snort3-os-windows.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (snort3-malware-other.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (snort3-malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (snort3-malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (snort3-malware-other.rules)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (snort3-malware-other.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (snort3-file-other.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (snort3-os-windows.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (snort3-os-windows.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (snort3-malware-other.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58175 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58174 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58176 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58177 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58178 <-> DISABLED <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt (malware-other.rules)
* 1:58179 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt (malware-other.rules)
* 1:58180 <-> DISABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt (malware-other.rules)
* 1:58181 <-> ENABLED <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt (malware-other.rules)
* 1:58183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt (browser-ie.rules)
* 1:58185 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt (malware-other.rules)
* 1:58186 <-> DISABLED <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt (file-other.rules)
* 1:58192 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58193 <-> ENABLED <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt (os-other.rules)
* 1:58199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:58196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules)
* 1:57991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58174 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58175 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58176 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58177 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58178 <-> MALWARE-OTHER Asp.Webshell.Cmd download attempt
* 1:58179 <-> MALWARE-OTHER Asp.Webshell.Cmd upload attempt
* 1:58180 <-> MALWARE-OTHER Jsp.Webshell.Hsxa download attempt
* 1:58181 <-> MALWARE-OTHER Jsp.Webshell.Hsxa upload attempt
* 3:58182 <-> SERVER-OTHER Cisco IOS XE Software for CBR8 COPS denial of service attempt
* 1:58183 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58184 <-> BROWSER-IE Microsoft Internet Explorer MSHTML CTreePos remote code execution attempt
* 1:58185 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 1:58186 <-> FILE-OTHER Imagemagick Ghostscript 9.50 remote code execution attempt
* 3:58187 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58188 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 3:58189 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58190 <-> POLICY-OTHER Cisco IOS and IOS XE TrustSec deprecated API access detected
* 3:58191 <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt
* 1:58192 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58193 <-> OS-OTHER Apple macOS Finder remote code execution inetloc file download attempt
* 1:58194 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58195 <-> MALWARE-OTHER Win.Trojan.Bandidos inbound delivery attempt
* 1:58196 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58197 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58198 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt
* 1:58199 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt

* 1:57991 <-> MALWARE-CNC Win.Trojan.Bandidos outbound connection attempt
* 3:58110 <-> POLICY-OTHER Cisco BroadWorks administrator account modification detected