Talos has added and modified multiple rules in the deleted, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 3:59076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt (server-other.rules)

* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (snort3-deleted.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (snort3-server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (snort3-server-other.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (snort3-server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (snort3-server-webapp.rules)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (snort3-server-webapp.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (snort3-server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (snort3-server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (snort3-server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (snort3-server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (snort3-server-webapp.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (snort3-server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (snort3-server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (snort3-deleted.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (snort3-deleted.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59068 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59070 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt (server-webapp.rules)
* 1:52557 <-> DISABLED <-> DELETED SY6yij2M2yi7yMYfyoPZPMmBTSF1HTcg (deleted.rules)
* 1:59067 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:52558 <-> DISABLED <-> DELETED GILQjk154yUXoDzOngvdKhJdt9Aglcbw (deleted.rules)
* 1:52556 <-> DISABLED <-> DELETED nk4QVYks91p2vHgjSTEIot6KfueaxuZp (deleted.rules)
* 1:59075 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59064 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59063 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59069 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt (server-webapp.rules)
* 1:59072 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59074 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59073 <-> DISABLED <-> SERVER-WEBAPP D-Link Routers command injection attempt (server-webapp.rules)
* 1:59065 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt (server-webapp.rules)
* 1:59071 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt (server-webapp.rules)
* 1:59062 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt (server-webapp.rules)
* 1:59077 <-> ENABLED <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:59062 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59063 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59064 <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Suite DetailReportAction directory traversal attempt
* 1:59065 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59066 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59067 <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance command injection attempt
* 1:59068 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59069 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise discovery_iscsi_device command injection attempt
* 1:59070 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise get_device_info SQL injection attempt
* 1:59071 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise license command injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 3:59076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1466 attack attempt
* 1:59077 <-> SERVER-OTHER SAP Internet Communication Manager HTTP request smuggling attempt

* 3:30902 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30903 <-> FILE-OTHER Cisco Webex WRF heap corruption attempt
* 3:30932 <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt
* 3:38755 <-> MALWARE-CNC PlugX outbound connection attempt
* 3:38756 <-> MALWARE-CNC PlugX outbound communication attempt