Talos Rules 2021-11-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-other, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

New Rules:


 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

New Rules:


 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

New Rules:


 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

New Rules:


 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

New Rules:


 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 3:58661 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58662 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58660 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58664 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58659 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)
 * 3:58665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt (file-other.rules)
 * 3:58663 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt (file-other.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (snort3-malware-cnc.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (snort3-server-webapp.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (snort3-os-windows.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (snort3-malware-cnc.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (snort3-malware-cnc.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (snort3-server-webapp.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (snort3-os-windows.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (snort3-file-pdf.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (snort3-server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (snort3-file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (snort3-file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (snort3-file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (snort3-file-other.rules)

2021-11-30 14:24:38 UTC

Snort Subscriber Rules Update

Date: 2021-11-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58646 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58652 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58657 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58653 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt (server-webapp.rules)
 * 1:58642 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58648 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58640 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt (os-windows.rules)
 * 1:58651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection (malware-cnc.rules)
 * 1:58644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58649 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58656 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
 * 1:58647 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58641 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)
 * 1:58658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt (malware-cnc.rules)
 * 1:58650 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection (malware-cnc.rules)
 * 1:58643 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt (file-pdf.rules)

Modified Rules:


 * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
 * 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
 * 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)

2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:02 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt


2021-11-30 14:30:03 UTC

Snort Subscriber Rules Update

Date: 2021-11-29-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58640 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58641 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58642 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58643 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58644 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58645 <-> FILE-PDF Adobe Acrobat Reader DC memory corruption attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58650 <-> MALWARE-CNC Win.Backdoor.Magnat outbound connection
* 1:58651 <-> MALWARE-CNC Win.Trojan.MagnatExtension outbound connection
* 1:58652 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58653 <-> SERVER-WEBAPP Schneider Electric Umotion Builder Virtual Appliance Editscript PHP code injection attempt
* 1:58654 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58655 <-> OS-WINDOWS Microsoft Windows file signature spoofing attempt
* 1:58656 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58657 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58658 <-> MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt
* 3:58659 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58660 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58661 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58662 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58663 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58664 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1417 attack attempt
* 3:58665 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58666 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58667 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt
* 3:58668 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1415 attack attempt

Modified Rules:

* 1:45201 <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
* 1:45892 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45893 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45894 <-> FILE-OTHER ZIP file directory traversal attempt
* 1:45895 <-> FILE-OTHER ZIP file directory traversal attempt