Talos has added and modified multiple rules in the indicator-compromise, indicator-obfuscation, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)

* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)

* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)

* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules) * 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules) * 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules) * 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules) * 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules) * 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules) * 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules) * 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules) * 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules) * 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules) * 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules) * 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
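The fixed line layout these notes use (gid:sid, default rule state, message and rule group in the Snort 2.x sections; gid:sid and message in the Snort 3 sections) makes them easy to process mechanically, and the practical point for a deployment is that almost every SERVER-WEBAPP rule in this release ships DISABLED: it does not fire until your policy turns it on. The script below is an added example, not code from Talos or the Snort project. It splits entries whether they sit one per line or run together with " * " separators (as in a flattened copy of the notes), parses both layouts, and lists the rules that are DISABLED by default and whose message names a product you run, as gid:sid pairs. The sample entries are copied from this page; the keyword list is the example's own, and the one-gid:sid-per-line output is assumed to be what PulledPork's enablesid.conf takes.

```python
import re
from typing import List

# One entry in either layout used in these notes.
#   Snort 2.x sections:  gid:sid <-> Default rule state <-> Message (rule group)
#   Snort 3 sections:    gid:sid <-> Message
ENTRY_RE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.*?)"
    r"(?:\s+\((?P<group>[\w.-]+\.rules)\))?\s*$"
)

# Constructed sample: entries copied from this page, deliberately left in the
# run-together " * " form a flattened copy of the notes has, plus one entry in
# the Snort 3 layout (no state, no rule group).
SAMPLE = (
    "* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet "
    "XML external entity injection attempt (server-webapp.rules) "
    "* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway "
    "formConfiguration saveValue SQL injection attempt (server-webapp.rules) "
    "* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download "
    "(malware-other.rules) "
    "* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length "
    "memory corruption or exhaustion attempt (server-other.rules)\n"
    "* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet "
    "multiple functions SQL injection attempt (server-webapp.rules)\n"
    "* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management "
    "Center iccSelectCommand expression language injection attempt\n"
)


def split_entries(text: str) -> List[str]:
    """Split on the '* ' that opens each entry, whether entries sit one per
    line or were run together on a single line."""
    parts = re.split(r"(?:^|\s)\*\s+(?=\d+:\d+\s*<->)", text)
    return [p.strip() for p in parts if p.strip()]


def parse_notes(text: str) -> List[dict]:
    """Parse every entry; 'state' and 'group' are None in the Snort 3 layout."""
    rules = []
    for entry in split_entries(text):
        m = ENTRY_RE.match(entry)
        if m is None:
            raise ValueError(f"unrecognised entry: {entry!r}")
        rules.append({
            "gid": int(m["gid"]),
            "sid": int(m["sid"]),
            "state": m["state"],
            "class": m["msg"].split(" ", 1)[0],  # e.g. SERVER-WEBAPP
            "msg": m["msg"],
            "group": m["group"],
        })
    return rules


def enable_candidates(rules: List[dict], keywords: List[str]) -> List[str]:
    """gid:sid of rules that ship DISABLED and whose message names one of the
    keywords (the products actually deployed). Rules already ENABLED, and
    Snort 3 entries that carry no state column, are left out."""
    wanted = [k.lower() for k in keywords]
    hits = {
        (r["gid"], r["sid"])
        for r in rules
        if r["state"] == "DISABLED" and any(k in r["msg"].lower() for k in wanted)
    }
    return [f"{gid}:{sid}" for gid, sid in sorted(hits)]


def enablesid_conf(pairs: List[str]) -> str:
    """One gid:sid per line; assumed to be the form PulledPork's enablesid.conf takes."""
    return "".join(f"{p}\n" for p in pairs)


if __name__ == "__main__":
    parsed = parse_notes(SAMPLE)
    for r in parsed:
        print(f'{r["gid"]}:{r["sid"]:<6} {str(r["state"]):<9} {r["class"]}')
    # Products deployed on the monitored network (example's own list).
    print(enablesid_conf(enable_candidates(parsed, ["Trend Micro", "Hewlett Packard"])))
```

Running it on the real notes for a version, then diffing the parsed output against the previous version's, is the quickest way to see which default states Talos changed between two packs; the Snort 3 sections give no state, so for those the state has to be read from the rule file itself.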
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (snort3-server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (snort3-server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (snort3-server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (snort3-server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (snort3-server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (snort3-server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (snort3-server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (snort3-server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (snort3-server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (snort3-server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (snort3-server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (snort3-indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (snort3-indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (snort3-indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (snort3-indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (snort3-indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (snort3-indicator-obfuscation.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58375 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58376 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt (server-webapp.rules)
* 1:58377 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58378 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt (server-webapp.rules)
* 1:58379 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58380 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt (server-webapp.rules)
* 1:58381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt (server-webapp.rules)
* 1:58384 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)
* 1:58385 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt (server-webapp.rules)

* 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58374 <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt
* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58376 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58377 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58378 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58379 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58380 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58381 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58382 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58383 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58384 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt
* 1:58385 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt

* 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:45570 <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47399 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt
* 1:47401 <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt
* 1:47402 <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt
* 1:47639 <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling
* 1:47844 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47845 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47846 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47847 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47848 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47849 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:50028 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:50029 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58374 <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt
* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58376 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58377 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58378 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58379 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58380 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58381 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58382 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58383 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58384 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt
* 1:58385 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt

* 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:45570 <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47399 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt
* 1:47401 <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt
* 1:47402 <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt
* 1:47639 <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling
* 1:47844 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47845 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47846 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47847 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47848 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47849 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:50028 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:50029 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58374 <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt
* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58376 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58377 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58378 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58379 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58380 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58381 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58382 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58383 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58384 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt
* 1:58385 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt

* 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:45570 <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47399 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt
* 1:47401 <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt
* 1:47402 <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt
* 1:47639 <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling
* 1:47844 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47845 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47846 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47847 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47848 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47849 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:50028 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:50029 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58374 <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt
* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58376 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58377 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58378 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58379 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58380 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58381 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58382 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58383 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58384 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt
* 1:58385 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt

* 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:45570 <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47399 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt
* 1:47401 <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt
* 1:47402 <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt
* 1:47639 <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling
* 1:47844 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47845 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47846 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47847 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47848 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47849 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:50028 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:50029 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort versions 3.1.1.0, 3.1.3.0, 3.1.4.0, 3.1.5.0, 3.1.7.0, 3.1.9.0 and 3.1.11.0. The list is identical for each of these versions, so it is given once.
The format of the file is:
gid:sid <-> Message
* 1:58374 <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt
* 1:58375 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58376 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center iccSelectCommand expression language injection attempt
* 1:58377 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58378 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center eventInfo_content expression language injection attempt
* 1:58379 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58380 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center devSoftSel Java expression language injection attempt
* 1:58381 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58382 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58383 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway formConfiguration saveValue SQL injection attempt
* 1:58384 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt
* 1:58385 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center operationSelect Java expression language injection attempt

* 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:45570 <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47399 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt
* 1:47401 <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt
* 1:47402 <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt
* 1:47639 <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling
* 1:47844 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47845 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47846 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47847 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47848 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:47849 <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download
* 1:50028 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:50029 <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
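As an added example, not part of the Talos rule-update page itself, the script below parses entries in the `gid:sid <-> Message` format used in the lists above and checks them against a local `.rules` file, reporting which of the listed SIDs are present and enabled, present but commented out, or absent. It also accepts an optional `STATE <->` column and a trailing `(x.rules)` group suffix as an assumed variant of the same format. The sample changelog lines and the sample rule stubs are constructed for the example; the stubs are placeholders, not Talos rule text.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One changelog entry: "gid:sid <-> Message". The optional "STATE <->" column and the
# trailing "(rule group)" suffix are accepted as an assumed variant of the same format.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED|DROP)\s*<->\s*)?"
    r"(?P<msg>.*?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)
# Rule-option extractors for a .rules file; a rule with no gid option is gid 1.
RULE_ACTION_RE = re.compile(r"(alert|drop|log|pass|reject|sdrop|block)\s")
RULE_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")


@dataclass(frozen=True)
class Entry:
    gid: int
    sid: int
    category: str          # leading token of the message, e.g. INDICATOR-COMPROMISE
    msg: str
    state: Optional[str]   # only present in the state-bearing variant
    group: Optional[str]   # only present when a "(x.rules)" suffix is given


def parse_changelog(text: str) -> List[Entry]:
    """Parse '* gid:sid <-> Message' entries, one per line or several run together on a line."""
    entries: List[Entry] = []
    for chunk in re.split(r"\s*\*\s+", text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable changelog entry: {chunk!r}")
        msg = m.group("msg").strip()
        entries.append(Entry(int(m.group("gid")), int(m.group("sid")),
                             msg.split(" ", 1)[0], msg, m.group("state"), m.group("group")))
    return entries


def index_local_rules(rules_text: str) -> Dict[Tuple[int, int], bool]:
    """Map (gid, sid) -> enabled for each rule line; a rule commented out with '#' is disabled."""
    index: Dict[Tuple[int, int], bool] = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        body = stripped.lstrip("# ")
        if not RULE_ACTION_RE.match(body):
            continue  # blank line or an ordinary comment, not a disabled rule
        sid_m = RULE_SID_RE.search(body)
        if sid_m is None:
            continue
        gid_m = RULE_GID_RE.search(body)
        gid = int(gid_m.group(1)) if gid_m else 1
        index[(gid, int(sid_m.group(1)))] = not stripped.startswith("#")
    return index


def audit(entries: List[Entry], index: Dict[Tuple[int, int], bool]) -> Dict[str, List[str]]:
    """Bucket each changelog entry by its status in the local ruleset."""
    report: Dict[str, List[str]] = {"enabled": [], "disabled": [], "missing": []}
    for e in entries:
        key = (e.gid, e.sid)
        bucket = "missing" if key not in index else ("enabled" if index[key] else "disabled")
        report[bucket].append(f"{e.gid}:{e.sid}")
    return report


def run_audit(changelog_text: str, rules_text: str) -> Dict[str, List[str]]:
    return audit(parse_changelog(changelog_text), index_local_rules(rules_text))


# Constructed sample: five entries taken from the lists above, two of them run together on
# one line as in the raw page, and the last one written in the assumed state-bearing variant.
SAMPLE_CHANGELOG = """\
* 1:47398 <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt
* 1:47400 <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt * 3:37675 <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt
* 1:53861 <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon
* 1:58374 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET MagnumEmulator Servlet XML external entity injection attempt (server-webapp.rules)
"""

# Constructed stand-in rule stubs; headers and options are placeholders, not Talos rule text.
SAMPLE_RULES = """\
# local.rules (constructed for this example)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt"; sid:47398; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt"; sid:47400; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt"; gid:3; sid:37675; rev:1;)
"""

if __name__ == "__main__":
    for status, sids in run_audit(SAMPLE_CHANGELOG, SAMPLE_RULES).items():
        print(f"{status:9s} {', '.join(sids) or '-'}")
```

Run against a real ruleset by passing the changelog text and the contents of the relevant `.rules` files to `run_audit`; gid 3 entries are shared-object rules, so their stubs carry an explicit `gid:3;` option, which the indexer honours rather than assuming gid 1.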