Talos Rules 2021-10-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-multimedia, indicator-scan, malware-cnc, malware-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)

Modified Rules:

 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)

Modified Rules:

 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)

Modified Rules:

 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)

Modified Rules:

 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)

Modified Rules:

 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 3:58443 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58446 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:58440 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt (server-webapp.rules)
 * 3:58445 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58441 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58444 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt (server-webapp.rules)
 * 3:58442 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt (server-other.rules)

Modified Rules:


 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (snort3-server-webapp.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (snort3-server-webapp.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (snort3-server-webapp.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (snort3-malware-cnc.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (snort3-server-webapp.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (snort3-server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (snort3-server-webapp.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (snort3-server-webapp.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (snort3-malware-cnc.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (snort3-malware-other.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (snort3-server-apache.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (snort3-server-webapp.rules)
 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (snort3-malware-cnc.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (snort3-server-webapp.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (snort3-malware-cnc.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (snort3-malware-cnc.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (snort3-malware-other.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (snort3-indicator-scan.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (snort3-server-webapp.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (snort3-server-other.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (snort3-file-multimedia.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (snort3-file-multimedia.rules)

2021-10-28 12:40:05 UTC

Snort Subscriber Rules Update

Date: 2021-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:58433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58435 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58427 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt (server-webapp.rules)
 * 1:58434 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58421 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58426 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58438 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58428 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt (server-webapp.rules)
 * 1:58447 <-> DISABLED <-> SERVER-APACHE Apache Druid remote code execution attempt (server-apache.rules)
 * 1:58439 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58423 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58424 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58425 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt (server-webapp.rules)
 * 1:58418 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)
 * 1:58419 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58422 <-> DISABLED <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt (server-webapp.rules)
 * 1:58436 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic upload attempt (malware-other.rules)
 * 1:58420 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt (server-webapp.rules)
 * 1:58437 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.Generic download attempt (malware-other.rules)
 * 1:58430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection (malware-cnc.rules)

Modified Rules:

 * 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35717 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
 * 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
 * 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
 * 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)

2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:52 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:53 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:53 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:53 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:53 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt


2021-10-28 12:49:53 UTC

Snort Subscriber Rules Update

Date: 2021-10-27-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58418 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58419 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58420 <-> SERVER-WEBAPP ReadyDesk 9.1 OpenAttach2 directory traversal attempt
* 1:58421 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58422 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58423 <-> SERVER-WEBAPP BillQuick Web Suite SQL injection attempt
* 1:58424 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58425 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58426 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Css directory traversal attempt
* 1:58427 <-> SERVER-WEBAPP Trend Micro Control Manager widget_old_SP1 dlp_policy directory traversal attempt
* 1:58428 <-> SERVER-WEBAPP Trend Micro Control Manager Widget modDLPViolationCntdrildown.php directory traversal attempt
* 1:58429 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58430 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58431 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58432 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58433 <-> MALWARE-CNC Win.Trojan.MirrorBlast outbound connection
* 1:58434 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58435 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58436 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58437 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 1:58438 <-> MALWARE-OTHER Php.Webshell.Generic upload attempt
* 1:58439 <-> MALWARE-OTHER Php.Webshell.Generic download attempt
* 3:58440 <-> SERVER-WEBAPP Cisco ASA and FTD web services stack buffer overflow attempt
* 3:58441 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58442 <-> SERVER-OTHER Cisco ASA and FTD denial of service attempt
* 3:58443 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58444 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58445 <-> SERVER-WEBAPP Cisco ASA and FTD web services denial of service attempt
* 3:58446 <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt
* 1:58447 <-> SERVER-APACHE Apache Druid remote code execution attempt

Modified Rules:

* 1:12710 <-> SERVER-OTHER ASN.1 constructed bit string
* 1:19559 <-> INDICATOR-SCAN SSH brute force login attempt
* 1:35624 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35625 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35626 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35627 <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt
* 1:35711 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35712 <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt
* 1:35713 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35714 <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt
* 1:35715 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35716 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35717 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:35718 <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt
* 1:55827 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55828 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt
* 1:55829 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt