Talos has added and modified multiple rules in the browser-ie, browser-other, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-other, os-windows, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)

* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)

* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)

* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)

* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)

* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)

* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)

* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules)
* 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules)
* 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules)
* 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules)
* 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules)
* 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules) * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules) * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules) * 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules) * 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules) * 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules) * 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules) * 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules) * 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules) * 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules) * 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules) * 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules) * 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules) * 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules) * 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules) * 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules) * 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules) * 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules) * 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules) * 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules) * 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules) * 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules) * 3:58718 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt (server-webapp.rules) * 3:58720 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules) * 3:58716 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules) * 3:58717 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt (file-multimedia.rules) * 3:58719 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt (server-webapp.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules) * 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules) * 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules) * 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (snort3-policy-other.rules) * 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (snort3-malware-other.rules) * 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (snort3-server-webapp.rules) * 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (snort3-malware-cnc.rules) * 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (snort3-server-webapp.rules) * 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (snort3-policy-other.rules) * 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (snort3-malware-other.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (snort3-server-webapp.rules) * 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (snort3-server-webapp.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (snort3-browser-other.rules) * 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (snort3-server-webapp.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (snort3-file-office.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (snort3-protocol-scada.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (snort3-policy-other.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (snort3-os-windows.rules) * 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (snort3-server-webapp.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (snort3-policy-other.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (snort3-server-webapp.rules) * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (snort3-protocol-services.rules) * 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (snort3-server-webapp.rules) * 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (snort3-server-webapp.rules) * 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (snort3-server-webapp.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (snort3-file-pdf.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (snort3-server-webapp.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (snort3-server-webapp.rules) * 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (snort3-browser-ie.rules) * 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (snort3-browser-ie.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (snort3-server-webapp.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (snort3-server-webapp.rules) * 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58712 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt (malware-other.rules) * 1:58711 <-> ENABLED <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt (malware-other.rules) * 1:58709 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:58713 <-> ENABLED <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt (malware-cnc.rules) * 1:58710 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt (server-webapp.rules) * 1:58714 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules) * 1:58715 <-> DISABLED <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt (policy-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt (server-webapp.rules) * 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt (server-webapp.rules) * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules) * 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt * 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt * 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt * 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt * 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt * 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt * 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt * 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt * 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt * 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt * 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt * 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt * 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt * 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt * 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt * 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt * 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt * 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt * 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt * 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt * 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt * 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt * 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected * 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt * 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt * 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt * 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt * 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt * 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt * 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt * 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt * 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt * 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt * 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt * 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt * 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt * 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt * 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt * 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt * 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt * 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt * 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt * 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt * 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt * 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt * 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt * 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt * 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected * 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt * 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt * 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt * 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt * 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt * 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt * 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt * 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt * 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt * 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt * 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt * 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt * 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt * 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt * 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt * 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt * 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt * 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt * 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt * 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt * 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt * 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt * 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt * 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt * 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected * 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt * 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt * 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt * 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt * 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt * 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt * 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt * 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt * 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt * 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt * 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt * 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt * 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt * 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt * 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt * 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt * 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt * 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt * 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt * 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt * 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt * 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt * 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt * 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt * 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt * 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt * 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt * 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected * 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt * 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt * 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt * 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58710 <-> SERVER-WEBAPP GE MDS PulseNET Servlet XML external entity injection attempt
* 1:58711 <-> MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt
* 1:58712 <-> MALWARE-OTHER Asp.Webshell.NewCon2 download attempt
* 1:58713 <-> MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt
* 1:58714 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 1:58715 <-> POLICY-OTHER Zoho ManageEngine Site24x7 agent installation attempt
* 3:58716 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58717 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1427 attack attempt
* 3:58718 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1420 attack attempt
* 3:58719 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt
* 3:58720 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1421 attack attempt

* 1:15115 <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt
* 1:18066 <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt
* 1:18792 <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt
* 1:23385 <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt
* 1:24425 <-> PROTOCOL-SCADA Sinapsi command injection attempt
* 1:24740 <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice directory traversal attempt
* 1:29576 <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt
* 1:32127 <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.htmlcommand injection attempt
* 1:32128 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt
* 1:32203 <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt
* 1:32261 <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt
* 1:32269 <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt
* 1:32786 <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt
* 1:35703 <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt
* 1:3689 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:37870 <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt
* 1:39412 <-> SERVER-WEBAPP WANem WAN emulator command injection attempt
* 1:39706 <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt
* 1:41185 <-> POLICY-OTHER SunRPC Portmap GETPORT request detected
* 1:43409 <-> POLICY-OTHER MongoDB dropDatabase attempt
* 1:47794 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:47795 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:56550 <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt
* 1:606 <-> PROTOCOL-SERVICES rlogin root