Talos Rules 2022-01-06
This release adds and modifies rules in several categories.

References to CVE-2021-44832 have been added to all existing Log4j rules for ease of reference. The rules' detection logic was not changed, as the existing coverage did not need updating.

Talos has added and modified multiple rules in the file-multimedia, indicator-compromise, malware-cnc, malware-other, policy-other, protocol-other, server-other and server-webapp rule sets to provide coverage for emerging threats. Note that most of the new rules in this release ship DISABLED by default (see the change logs below); they generate no alerts until you enable them in your policy.

Change logs

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
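Added example (not from the Talos release notes): a small Python parser for the `gid:sid <-> Default rule state <-> Message (rule group)` lines in the change logs above. It pulls out the new rules that ship DISABLED (the ones you have to enable yourself), counts rules per rule group, and checks that the per-version change logs on this page list the same rule set regardless of ordering. The embedded SAMPLE is a constructed excerpt with two rule-pack versions and a handful of rules each, not the full list; the remark about PulledPork's enablesid.conf format is an assumption.

```python
"""Parse a Talos/Snort rule-release change log and summarize it.

Added example, not part of the Talos release notes. The input format is the
one the release notes describe:

    gid:sid <-> Default rule state <-> Message (rule group)
"""
import re
from collections import defaultdict

VERSION_RE = re.compile(r"for Snort version (\d+)")
LINE_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>ENABLED|DISABLED)\s+<->\s+"
    r"(?P<msg>.*?)\s+\((?P<group>[\w-]+\.rules)\)\s*$"
)

# Constructed excerpt: two rule-pack versions listing the same rules in a different order.
SAMPLE = """\
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
New Rules:
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
Modified Rules:
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
New Rules:
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
Modified Rules:
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
"""


def parse_changelog(text):
    """Return {version: {"New Rules": [...], "Modified Rules": [...]}}.

    Each rule is a dict with gid, sid (ints), state, msg and group.
    """
    releases = {}
    version = section = None
    for line in text.splitlines():
        vm = VERSION_RE.search(line)
        if vm:
            version = vm.group(1)
            releases[version] = {"New Rules": [], "Modified Rules": []}
            section = None
            continue
        heading = line.strip().rstrip(":")
        if heading in ("New Rules", "Modified Rules"):
            section = heading
            continue
        m = LINE_RE.match(line)
        if m and version and section:
            releases[version][section].append({
                "gid": int(m["gid"]), "sid": int(m["sid"]),
                "state": m["state"], "msg": m["msg"], "group": m["group"],
            })
    return releases


def disabled_new_rules(release):
    """gid:sid of new rules that ship DISABLED; they alert only once enabled.

    One gid:sid per line is the shape PulledPork's enablesid.conf accepts (assumption).
    """
    ids = sorted((r["gid"], r["sid"]) for r in release["New Rules"] if r["state"] == "DISABLED")
    return [f"{gid}:{sid}" for gid, sid in ids]


def rules_by_group(release):
    """Count new plus modified rules per rule group (e.g. server-webapp.rules)."""
    counts = defaultdict(int)
    for rules in release.values():
        for r in rules:
            counts[r["group"]] += 1
    return dict(counts)


def consistent_across_versions(releases):
    """True when every rule-pack version lists the same (gid, sid, state) set per section, ignoring order."""
    def signature(release):
        return {s: frozenset((r["gid"], r["sid"], r["state"]) for r in rules) for s, rules in release.items()}
    sigs = [signature(rel) for rel in releases.values()]
    return all(sig == sigs[0] for sig in sigs[1:])


if __name__ == "__main__":
    releases = parse_changelog(SAMPLE)
    for version, release in releases.items():
        print(f"Snort {version}: groups={rules_by_group(release)}")
        print("  new rules to enable:", ", ".join(disabled_new_rules(release)))
    print("versions consistent:", consistent_across_versions(releases))
```

Feed it the full page text instead of SAMPLE to get the complete lists; a `False` from `consistent_across_versions` would flag a version whose rule set or default states differ from the others, which is worth knowing before you enable SIDs by number.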

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 3:58836 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)
 * 3:58837 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 3:58802 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58803 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58804 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58805 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58806 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58807 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58808 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58809 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)
 * 3:58810 <-> ENABLED <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt (server-webapp.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (snort3-server-other.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (snort3-malware-other.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (snort3-server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)
 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (snort3-malware-other.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (snort3-malware-cnc.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (snort3-protocol-other.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (snort3-policy-other.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (snort3-server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300055 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
 * 1:300056 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
 * 1:300057 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (snort3-indicator-compromise.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-server-other.rules)
 * 1:300058 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (snort3-native.rules)

2022-01-06 22:07:17 UTC

Snort Subscriber Rules Update

Date: 2022-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58851 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58845 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58850 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt (malware-other.rules)
 * 1:58852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection (malware-cnc.rules)
 * 1:58853 <-> ENABLED <-> SERVER-OTHER RealTek UDPServer command injection attempt (server-other.rules)
 * 1:58842 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58844 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)
 * 1:58846 <-> DISABLED <-> PROTOCOL-OTHER libcurl mqtt use after free attempt (protocol-other.rules)
 * 1:58848 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58847 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt (server-webapp.rules)
 * 1:58840 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt (server-webapp.rules)
 * 1:58839 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58841 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt (server-webapp.rules)
 * 1:58838 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt (server-webapp.rules)
 * 1:58843 <-> DISABLED <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:58733 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58734 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58736 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58735 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58812 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58785 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58786 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58814 <-> DISABLED <-> POLICY-OTHER Java User-Agent remote class download attempt (policy-other.rules)
 * 1:58744 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58737 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58813 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)
 * 1:58738 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58732 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58751 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58740 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58727 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58726 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58787 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58741 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58739 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58731 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58730 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58784 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58728 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58722 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58742 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58723 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58724 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58725 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58743 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58788 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58789 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58729 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58790 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58795 <-> ENABLED <-> SERVER-OTHER Apache Log4j logging remote code execution attempt (server-other.rules)
 * 1:58801 <-> DISABLED <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt (indicator-compromise.rules)
 * 1:58811 <-> ENABLED <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt (server-other.rules)

2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:09:13 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:25 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:25 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:25 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:25 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt


2022-01-06 22:11:26 UTC

Snort Subscriber Rules Update

Date: 2022-01-06-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58836 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 3:58837 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2021-1434 attack attempt
* 1:58838 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58839 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Index Java expression language injection attempt
* 1:58840 <-> SERVER-WEBAPP Trend Micro Control Manager AdHocQuery_Result XML external entity injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58843 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58844 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58845 <-> SERVER-WEBAPP FUEL CMS col SQL injection attempt
* 1:58846 <-> PROTOCOL-OTHER libcurl mqtt use after free attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58850 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58851 <-> MALWARE-OTHER Win.Ransomware.Rollcoast download attempt
* 1:58852 <-> MALWARE-CNC Win.Trojan.BazarLoader outbound connection
* 1:58853 <-> SERVER-OTHER RealTek UDPServer command injection attempt

Modified Rules:

* 1:300055 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300056 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300057 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:300058 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58722 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58723 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58724 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58725 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58726 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58727 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58728 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58729 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58730 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58731 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58732 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58733 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58734 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58735 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58736 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58737 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58738 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58739 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58740 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58741 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58742 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58743 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58744 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58751 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58784 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58785 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58786 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58787 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58788 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58789 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58790 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58795 <-> SERVER-OTHER Apache Log4j logging remote code execution attempt
* 1:58801 <-> INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt
* 1:58811 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58812 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58813 <-> SERVER-OTHER VMWare vSphere log4shell exploit attempt
* 1:58814 <-> POLICY-OTHER Java User-Agent remote class download attempt